Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1566
Views
0
Helpful
2
Replies

ASA Extended Access-List with Object Group

Go to solution
faiqmahdi
Level 1
Level 1

‎01-24-2016 09:22 PM - edited ‎03-12-2019 12:11 AM

Hi

Just for the curiosity, how we can create an extended access-list with Object Group with my example:

show object-group 

object-group network SSL
 network-object 10.30.40.0 255.255.255.0 
 network-object 10.30.58.31 255.255.255.255

My-FW(config)# access-list SPLIT_TUNNEL extended permit object-group ?

configure mode commands/options:
WORD Service or protocol object-group name


My-FW(config)# access-list SPLIT_TUNNEL permit object-group SSL
ERROR: Invalid object-group type

Currently I am using with Standard Access-List but I want to move on Extended Access Lists with Object Group:

access-list SPLIT_TUNNEL standard permit 10.30.40.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit host 10.30.58.31

Thanks. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shivapramod M
Level 1
Level 1

‎01-24-2016 09:43 PM

Hi,

You should be able to create the access list. But you need to mention the protocol before the object group.

access-list SPLIT_TUNNEL extended permit ip object-group SSL any

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Shivapramod M
Level 1
Level 1

‎01-24-2016 09:43 PM

Hi,

You should be able to create the access list. But you need to mention the protocol before the object group.

access-list SPLIT_TUNNEL extended permit ip object-group SSL any

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

0 Helpful

Go to solution
faiqmahdi
Level 1
Level 1
In response to Shivapramod M

‎01-25-2016 01:57 AM

Thanks it worked. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card