Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1049
Views
0
Helpful
3
Replies

ACL syntax problem

Go to solution
Colin Higgins
Level 7
Level 7

‎12-18-2013 09:26 AM - edited ‎03-11-2019 08:20 PM

I have a ASA services modules in a 6509-E that is giving me issues with ragards to ACL syntax

Let's say I have a KMS server at 192.168.20.10

I want to allow all hosts to reach this server at port tcp 1688

so I do

object-group network KMS-SERVERS

host 192.168.20.10

then

access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688

problem is, it WILL NOT take the "eq 1688"

this was a valid command in other IOS versions. Why isn't it working now?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to Colin Higgins

‎12-18-2013 09:48 AM

that is typically the case if the object-group is not available. Thats the reason I asked what you *really* configured on your box.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎12-18-2013 09:35 AM

Is that really what you configured? Your object-group doesn't look like that what you show here is what you did on your ASA.

Please verify and show the exact terminal-output.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful

Go to solution
Colin Higgins
Level 7
Level 7
In response to Karsten Iwen

‎12-18-2013 09:38 AM

well that is my question

the command

access-list KMS-ACCESS-IN extended permit tcp any host 192.168.20.10 eq 1688

will work

access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688

will not

I don't get any options after the object group

this used to work

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to Colin Higgins

‎12-18-2013 09:48 AM

that is typically the case if the object-group is not available. Thats the reason I asked what you *really* configured on your box.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card