ACL with service object - Help
01-12-2018 05:41 AM - edited 01-20-2021 05:28 PM
Can someone please help me understand the following ACL?
object-group service SERVICE_Object
service-object tcp eq 30175
service-object udp eq 30175
access-list OUTSIDE extended permit object-group SERVICE_Object 1.1.1.1 2.2.2.2
Is it
1: any traffic from source 1.1.1.1 to destination 2.2.2.2 to destination ports tcp-30175 & udp-30175?
OR
2: any traffic from source 1.1.1.1 to destination 2.2.2.2 from source ports tcp-30175 & udp-30175?
Thanks in advance.
Labels: NGFW Firewalls
01-13-2018 02:08 AM
This is not valid syntax. If you want to specify the port numbers, you also have to configure source or destination:
asa1(config-service-object-group)# service-object tcp ?
dual-service-object-group mode commands/options:
  destination  Keyword to specify destination
  source       Keyword to specify source
  <cr>
asa1(config-service-object-group)# service-object tcp destination ?
dual-service-object-group mode commands/options:
  eq     Port equal to operator
  gt     Port greater than operator
  lt     Port less than operator
  neq    Port not equal to operator
  range  Port range operator
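The two readings from the question, written out with the explicit source and destination keywords listed in the help output above. This is an added example, not configuration posted in the thread; the SERVICE_DST and SERVICE_SRC group names and the OUTSIDE_SRC list name are hypothetical, and both addresses are assumed to be single hosts.

```cisco
! Reading 1: match on destination port 30175 (TCP and UDP)
object-group service SERVICE_DST
 service-object tcp destination eq 30175
 service-object udp destination eq 30175
access-list OUTSIDE extended permit object-group SERVICE_DST host 1.1.1.1 host 2.2.2.2
!
! Reading 2: match on source port 30175 (TCP and UDP)
! (hypothetical second list, shown only for contrast)
object-group service SERVICE_SRC
 service-object tcp source eq 30175
 service-object udp source eq 30175
access-list OUTSIDE_SRC extended permit object-group SERVICE_SRC host 1.1.1.1 host 2.2.2.2
```

A rule that matches only on source port relies on a value the sender chooses, so stating the direction explicitly makes the intent of the permit auditable.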
01-20-2021 11:59 PM
This represents destination ports (not source ports)
