https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383719#M306874 <HTML><HEAD></HEAD><BODY><P>that is typically the case if the object-group is not available. Thats the reason I asked what you *really* configured on your box.</P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Wed, 18 Dec 2013 17:48:26 GMT Karsten Iwen 2013-12-18T17:48:26Z https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383716#M306869 <P>I have a ASA services modules in a 6509-E that is giving me issues with ragards to ACL syntax</P><P></P><P>Let's say I have a KMS server at 192.168.20.10</P><P></P><P>I want to allow all hosts to reach this server at port tcp 1688</P><P></P><P>so I do </P><P></P><P>object-group network KMS-SERVERS</P><P> host 192.168.20.10</P><P></P><P>then</P><P></P><P>access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688</P><P></P><P>problem is, it WILL NOT take the "eq 1688"</P><P></P><P>this was a valid command in other IOS versions. Why isn't it working now?</P> Tue, 12 Mar 2019 03:20:11 GMT https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383716#M306869 Colin Higgins 2019-03-12T03:20:11Z https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383717#M306870 <HTML><HEAD></HEAD><BODY><P>Is that really what you configured? Your object-group doesn't look like that what you show here is what you did on your ASA.</P><P></P><P>Please verify and show the exact terminal-output.</P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Wed, 18 Dec 2013 17:35:45 GMT https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383717#M306870 Karsten Iwen 2013-12-18T17:35:45Z https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383718#M306871 <HTML><HEAD></HEAD><BODY><P>well that is my question</P><P></P><P>the command</P><P></P><P>access-list KMS-ACCESS-IN extended permit tcp any host 192.168.20.10 eq 1688</P><P></P><P>will work</P><P></P><P>access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688</P><P></P><P>will not</P><P></P><P>I don't get any options after the object group</P><P></P><P>this used to work</P></BODY></HTML> Wed, 18 Dec 2013 17:38:56 GMT https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383718#M306871 Colin Higgins 2013-12-18T17:38:56Z https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383719#M306874 <HTML><HEAD></HEAD><BODY><P>that is typically the case if the object-group is not available. Thats the reason I asked what you *really* configured on your box.</P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Wed, 18 Dec 2013 17:48:26 GMT https://community.cisco.com/t5/network-security/acl-syntax-problem/m-p/2383719#M306874 Karsten Iwen 2013-12-18T17:48:26Z