ACL with object-group to object-group and port definitions

Rich Ahlert — Tue, 12 Mar 2019 04:11:18 GMT

Hello,

I have a scenario where I have multiple print servers on my outside interface that need to print/communicate to printers on my inside interface. I have setup a 1 to 1 nat for the printers but need to figure out the ACl for it. My thought was to group all my outside print servers together in one object-group and group all my inside printer networks in another object-group and then put all the ports in an another object-group then write the acl as follows

access-list ALLOW-OUTSIDE-to-INSIDE-PRINTING extended permit object-group PRINTER-PORTS object-group OUTSIDE-PRINT-SERVERS object-group INSIDE-PRINTERS

but all I get after the first object-group parameter is a return option <CR>. The code running on the ASA is 8.6. Is this possible? Do I need to upgrade to the latest 9.x code?

You have to have created the

guibarati — Wed, 14 May 2014 17:56:58 GMT

You have to have created the object-group service before you try this command. (That is right, even before you press "Enter", when you use "?" to see the command syntax if the name of the service group you used in the line doesn't exist ASA won't show the rest of the command.)

Thank you guibarati.

Rich Ahlert — Wed, 21 May 2014 14:57:39 GMT

Thank you guibarati.

topic Thank you guibarati. in Network Security

ACL with object-group to object-group and port definitions

You have to have created the

Thank you guibarati.