
ACL with object-group to object-group and port definitions

Rich Ahlert
Level 1

Hello,

I have a scenario where I have multiple print servers on my outside interface that need to print/communicate to printers on my inside interface. I have set up a 1 to 1 NAT for the printers but need to figure out the ACL for it. My thought was to group all my outside print servers together in one object-group and group all my inside printer networks in another object-group and then put all the ports in another object-group, then write the ACL as follows:

 

access-list ALLOW-OUTSIDE-to-INSIDE-PRINTING extended permit object-group PRINTER-PORTS object-group OUTSIDE-PRINT-SERVERS object-group INSIDE-PRINTERS

but all I get after the first object-group parameter is a return option <CR>. The code running on the ASA is 8.6. Is this possible? Do I need to upgrade to the latest 9.x code?

 

 

Accepted Solutions

guibarati
Level 4

You have to have created the object-group service before you try this command. (That is right, even before you press "Enter": when you use "?" to see the command syntax, if the name of the service group you used in the line doesn't exist, the ASA won't show the rest of the command.)

 


Thank you guibarati.
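
The order of operations the accepted answer describes, as an added example that is not part of the original thread: all three object-groups are defined first, then the ACL line from the question is entered. The addresses, the port list (9100, 515, 631) and the `outside` interface name are assumptions made for illustration.

```cisco
! Added example: addresses, ports and interface name are constructed,
! not taken from the thread.
!
! 1. Service group first. Until this name exists, "?" after
!    "permit object-group PRINTER-PORTS" offers only <CR>.
object-group service PRINTER-PORTS
 service-object tcp destination eq 9100
 service-object tcp destination eq 515
 service-object tcp destination eq 631
!
! 2. Source group: the print servers on the outside.
object-group network OUTSIDE-PRINT-SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
!
! 3. Destination group: the printer networks on the inside.
!    On 8.3 and later the ACL matches the real (pre-NAT) addresses,
!    so list the inside addresses here, not the mapped ones.
object-group network INSIDE-PRINTERS
 network-object 10.10.20.0 255.255.255.0
!
! 4. The ACL line from the question now parses past the first group.
access-list ALLOW-OUTSIDE-to-INSIDE-PRINTING extended permit object-group PRINTER-PORTS object-group OUTSIDE-PRINT-SERVERS object-group INSIDE-PRINTERS
!
! 5. Bind it inbound on the outside interface. An interface takes one
!    ACL per direction: if "outside" already has an inbound ACL, add
!    the permit line to that ACL instead of binding a second one.
access-group ALLOW-OUTSIDE-to-INSIDE-PRINTING in interface outside
!
! 6. Check the expanded entries and their hit counts.
show access-list ALLOW-OUTSIDE-to-INSIDE-PRINTING
```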
