01-24-2016 09:22 PM - edited 03-12-2019 12:11 AM
Hi
Just for the curiosity, how we can create an extended access-list with Object Group with my example:
show object-group
object-group network SSL
network-object 10.30.40.0 255.255.255.0
network-object 10.30.58.31 255.255.255.255
My-FW(config)# access-list SPLIT_TUNNEL extended permit object-group ?
configure mode commands/options:
WORD Service or protocol object-group name
My-FW(config)# access-list SPLIT_TUNNEL permit object-group SSL
ERROR: Invalid object-group type
Currently I am using with Standard Access-List but I want to move on Extended Access Lists with Object Group:
access-list SPLIT_TUNNEL standard permit 10.30.40.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit host 10.30.58.31
Thanks.
Solved! Go to Solution.
01-24-2016 09:43 PM
Hi,
You should be able to create the access list. But you need to mention the protocol before the object group.
access-list SPLIT_TUNNEL extended permit ip object-group SSL any
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
01-24-2016 09:43 PM
Hi,
You should be able to create the access list. But you need to mention the protocol before the object group.
access-list SPLIT_TUNNEL extended permit ip object-group SSL any
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
01-25-2016 01:57 AM
Thanks it worked.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide