12-18-2013 09:26 AM - edited 03-11-2019 08:20 PM
I have an ASA services module in a 6509-E that is giving me issues with regards to ACL syntax.
Let's say I have a KMS server at 192.168.20.10
I want to allow all hosts to reach this server at port tcp 1688
so I do
object-group network KMS-SERVERS
host 192.168.20.10
then
access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688
Problem is, it WILL NOT take the "eq 1688".
This was a valid command in other IOS versions. Why isn't it working now?
12-18-2013 09:35 AM
Is that really what you configured? Your object-group doesn't look like what you show here is what you did on your ASA.
Please verify and show the exact terminal-output.
12-18-2013 09:38 AM
Well, that is my question.
The command
access-list KMS-ACCESS-IN extended permit tcp any host 192.168.20.10 eq 1688
will work.
access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688
will not.
I don't get any options after the object group.
This used to work.
12-18-2013 09:48 AM
That is typically the case if the object-group is not available. That's the reason I asked what you *really* configured on your box.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
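One way to check a saved config for the condition named in the reply above (an ACL line referencing an object-group that is not available), as an added example that is not part of the thread. The sample config is constructed, and flagging a group that has no `network-object` or `group-object` style members is an assumption of this check.

```python
import re

# Constructed sample config (not taken from the poster's device).
SAMPLE_CONFIG = """\
object-group network KMS-SERVERS
 network-object host 192.168.20.10
object-group network EMPTY-GROUP
 description placeholder with no members
access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688
access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVER eq 1688
access-list KMS-ACCESS-IN extended permit tcp any object-group EMPTY-GROUP eq 1688
"""

GROUP_RE = re.compile(r"^object-group\s+(?:network|service)\s+(\S+)")
MEMBER_RE = re.compile(r"^\s+(?:network-object|group-object|service-object|port-object)\b")
REF_RE = re.compile(r"\bobject-group\s+(\S+)")


def parse_object_groups(config):
    """Return {group name: member count} for every object-group defined."""
    groups, current = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            groups.setdefault(current, 0)
        elif current and line[:1].isspace():
            # Indented line inside the group: count only real member lines.
            if MEMBER_RE.match(line):
                groups[current] += 1
        else:
            current = None  # back at top level
    return groups


def check_acl_references(config):
    """Return (line number, group, problem) for each suspect ACL reference."""
    groups = parse_object_groups(config)
    findings = []
    for num, line in enumerate(config.splitlines(), 1):
        if not line.startswith("access-list "):
            continue
        for name in REF_RE.findall(line):
            if name not in groups:
                findings.append((num, name, "undefined"))
            elif groups[name] == 0:
                findings.append((num, name, "no members"))
    return findings
```

Calling `check_acl_references()` on the text of `show running-config` lists the ACL lines whose object-group name is misspelled, missing, or has no members.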