I have encountered a problem which puzzles me.
Here are my object-groups:
object-group network fserve
network-object host fserve-active
network-object host fserve-standby
object-group service fserve-services
service-object tcp eq www
service-object tcp eq ftp
object-group icmp-type test-connection
object-group network dmz-hosts
object-group service dmz-services
object-group network inside-hosts
description define inside hosts
network-object 172.16.0.0 255.255.0.0
object-group protocol dmz-ports
I am trying to add in a service object group but asa refuses and said it was an error. Here's what I type:
access-list pub->dmz extended permit object-group dmz-ports any object-group dmz-hosts object-group dmz-services
Here's what ASA said:
ERROR: specified object group <dmz-services> has wrong type; expecting service type
I would like to know what have gone wrong...dmz-services is indeed service object-group but asa refused to accept it.
Thank you for your reply, but sorry I do not understand what you mean.
If you mean dmz-services did not include group-object fserve-services, then look again at the object group config.