https://community.cisco.com/t5/network-security/multiple-ports-in-extended-access-list/m-p/2199255#M361809 <P>Allow Source 10.137.10.66 Destination 10.10.24.109 ports 1198,1199,5445,5455<BR /><BR />How I can add above ports in access list ??<BR /><BR /># access-list secure_access extended permit tcp object-group xxxx host xxxxx (ports??)<BR /><BR />1. How I can create object group for multiple ports?<BR />2. How if I don't create object group for multiple ports?<BR /><BR />Thanks<BR />Any PDF for how to add multiple ports and make groups in extended access list will be much appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /><BR />Sent from Cisco Technical Support iPhone App</P> Tue, 12 Mar 2019 01:02:22 GMT usmanghani255 2019-03-12T01:02:22Z https://community.cisco.com/t5/network-security/multiple-ports-in-extended-access-list/m-p/2199255#M361809 <P>Allow Source 10.137.10.66 Destination 10.10.24.109 ports 1198,1199,5445,5455<BR /><BR />How I can add above ports in access list ??<BR /><BR /># access-list secure_access extended permit tcp object-group xxxx host xxxxx (ports??)<BR /><BR />1. How I can create object group for multiple ports?<BR />2. How if I don't create object group for multiple ports?<BR /><BR />Thanks<BR />Any PDF for how to add multiple ports and make groups in extended access list will be much appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR /><BR />Sent from Cisco Technical Support iPhone App</P> Tue, 12 Mar 2019 01:02:22 GMT https://community.cisco.com/t5/network-security/multiple-ports-in-extended-access-list/m-p/2199255#M361809 usmanghani255 2019-03-12T01:02:22Z https://community.cisco.com/t5/network-security/multiple-ports-in-extended-access-list/m-p/2199256#M361811 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you for example wanted to group the above ports and the ports used were TCP then you could use the following configuration on an ASA firewall</P><P></P><P>object-group service SERVICES-TCP tcp</P><P> port-object range 1198 1199</P><P> port-object eq 5445</P><P> port-object eq 5455</P><P></P><P>access-list TEST extended permit tcp host 10.137.10.66 host 10.10.24.109 object-group SERVICES-TCP</P><P></P><P>When we look at the above ACL rule with "show access-list TEST" command</P><P></P><P>ASA(config)# sh access-list TEST</P><P>access-list TEST; 3 elements; name hash: 0xd37fdb2b</P><P>access-list TEST line 1 extended permit tcp host 10.137.10.66 host 10.10.24.109 object-group SERVICES-TCP</P><P>&nbsp; access-list TEST line 1 extended permit tcp host 10.137.10.66 host 10.10.24.109 range 1198 1199 (hitcnt=0) </P><P>&nbsp; access-list TEST line 1 extended permit tcp host 10.137.10.66 host 10.10.24.109 eq 5445 (hitcnt=0) 0x81df9a21</P><P>&nbsp; access-list TEST line 1 extended permit tcp host 10.137.10.66 host 10.10.24.109 eq 5455 (hitcnt=0) 0x08e8f13d</P><P></P><P></P><P>Optionally without using any object-groups then you would have to simply write every line</P><P></P><P>access-list TEST extended permit tcp host 10.137.10.66 host 10.10.24.109 eq 1198</P><P>access-list TEST extended permit tcp host 10.137.10.66 host 10.10.24.109 eq 1199</P><P>access-list TEST extended permit tcp host 10.137.10.66 host 10.10.24.109 eq 5445</P><P>access-list TEST extended permit tcp host 10.137.10.66 host 10.10.24.109 eq 5455</P><P></P><P></P><P>- Jouni</P></BODY></HTML> Tue, 19 Feb 2013 11:27:25 GMT https://community.cisco.com/t5/network-security/multiple-ports-in-extended-access-list/m-p/2199256#M361811 Jouni Forss 2013-02-19T11:27:25Z