Solved: Acess-list with an object-group

tdalago911 · ‎03-25-2008

I have a pix515e ver 6.3

I defined a object-group

eg. pix1(config)#obect-group network mxly

network-object 200.65.23.0 0.0.0.0

network-object """"" " "

network-object 202.65.30.0 0.0.0.0

pix(config)#access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

the error is invalid ip address mxly.

How can I use or what is the correct context to use the object-group in my access-list as the source.

Thanks

Jon Marshall · ‎03-26-2008

Hi

In addition to previous post you need to modify your acl ie.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

derrickc · ‎03-25-2008

For the network-object command, use a network mask. For example:

network-object 200.65.23.0 255.255.255.0

It looks as if you are trying to use a wildcard mask.

Other than that, it looks fine.

Jon Marshall · ‎03-26-2008

Hi

In addition to previous post you need to modify your acl ie.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

derrickc · ‎03-26-2008

Good call....I should have caught that as I use object groups all of the time.

tdalago911, did this fix your problem?