https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147174#M861197 <HTML><HEAD></HEAD><BODY><P>To use object groups in an access list, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id parameter. </P><P></P><P>For example, to use object groups for all available parameters in the access-list {tcp | udp} command, enter the following command: </P><P></P><P>hostname(config)# access-list access_list_name [line line_number] [extended] {deny | </P><P>permit} {tcp | udp} object-group nw_grp_id [object-group svc_grp_id] object-group </P><P>nw_grp_id [object-group svc_grp_id] [log [[level] [interval secs] | disable | default]] </P><P>[inactive | time-range time_range_name]</P><P>You do not have to use object groups for all parameters; for example, you can use an object group for the source address, but identify the destination address with an address and mask.</P><P></P></BODY></HTML> Thu, 09 Apr 2009 22:17:42 GMT ivillegas 2009-04-09T22:17:42Z https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147173#M861192 <P>I have a possible bug when creating an Access Rule that happens sporatically. </P><P></P><P>When using a Network Object Group with 3 members as the Destination, the ACL blocks the source that I want to permit. However, when I break up the Network Object Group into 3 individual destination hosts, the ACL works fine.</P><P></P><P>Has anyone experienced this??? </P><P></P><P>ASA5520 Version 8.0(4) </P><P>ASDM 6.1</P><P></P><P>Thanks much</P> Mon, 11 Mar 2019 15:14:37 GMT https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147173#M861192 chendav11 2019-03-11T15:14:37Z https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147174#M861197 <HTML><HEAD></HEAD><BODY><P>To use object groups in an access list, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id parameter. </P><P></P><P>For example, to use object groups for all available parameters in the access-list {tcp | udp} command, enter the following command: </P><P></P><P>hostname(config)# access-list access_list_name [line line_number] [extended] {deny | </P><P>permit} {tcp | udp} object-group nw_grp_id [object-group svc_grp_id] object-group </P><P>nw_grp_id [object-group svc_grp_id] [log [[level] [interval secs] | disable | default]] </P><P>[inactive | time-range time_range_name]</P><P>You do not have to use object groups for all parameters; for example, you can use an object group for the source address, but identify the destination address with an address and mask.</P><P></P></BODY></HTML> Thu, 09 Apr 2009 22:17:42 GMT https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147174#M861197 ivillegas 2009-04-09T22:17:42Z https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147175#M861200 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Could you post your object group and the access list used for that object group.</P></BODY></HTML> Thu, 09 Apr 2009 23:19:45 GMT https://community.cisco.com/t5/network-security/asdm-bug-with-network-object-groups/m-p/1147175#M861200 roshan.maskey 2009-04-09T23:19:45Z