Re: ACL with service object - Help

AurangzebK · ‎01-12-2018

Can some please help me understand following ACL.

object-group service SERVICE_Object

service-object tcp eq 30175

service-object udp eq 30175

access-list OUTSIDE extended permit object-group SERVICE_Object 1.1.1.1 2.2.2.2

is it

1: any traffic from source 1.1.1.1 to destination 2.2.2.2 to destination ports tcp-30175 & udp-30175??

OR

2: any traffic from source 1.1.1.1 to destination 2.2.2.2 from source ports tcp-30175 & udp-30175??

Thanks in advance.

Karsten Iwen · ‎01-13-2018

This is not a valid syntax. If you want to specify the port-numbers, you also have to configure source or destination:

asa1(config-service-object-group)# service-object tcp ?

dual-service-object-group mode commands/options:
  destination  Keyword to specify destination
  source       Keyword to specify source
  <cr>
asa1(config-service-object-group)# service-object tcp destination ?

dual-service-object-group mode commands/options:
  eq     Port equal to operator
  gt     Port greater than  operator
  lt     Port less than operator
  neq    Port not equal to operator
  range  Port range operator

Mohammed al Baqari · ‎01-20-2021

Hi,

This represents destination ports (not source ports)

**** please remember to rate useful posts