Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
0
Helpful
2
Replies

ACL with service object - Help

AurangzebK
Level 1
Level 1

‎01-12-2018 05:41 AM - edited ‎01-20-2021 05:28 PM

 

Can some please help me understand following ACL.

 

object-group service SERVICE_Object

 service-object tcp eq 30175

 service-object udp eq 30175

 

access-list OUTSIDE extended permit object-group SERVICE_Object 1.1.1.1 2.2.2.2

 

 

is it

 

1: any traffic from source 1.1.1.1 to destination 2.2.2.2  to destination ports tcp-30175 & udp-30175??

OR

2: any traffic from source 1.1.1.1 to destination 2.2.2.2 from source ports tcp-30175 & udp-30175??

 

 

 

Thanks in advance.

 

 

 

 

 

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎01-13-2018 02:08 AM

This is not a valid syntax. If you want to specify the port-numbers, you also have to configure source or destination:

asa1(config-service-object-group)# service-object tcp ?

dual-service-object-group mode commands/options:
  destination  Keyword to specify destination
  source       Keyword to specify source
  <cr>
asa1(config-service-object-group)# service-object tcp destination ?

dual-service-object-group mode commands/options:
  eq     Port equal to operator
  gt     Port greater than  operator
  lt     Port less than operator
  neq    Port not equal to operator
  range  Port range operator
0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎01-20-2021 11:59 PM

Hi,

This represents destination ports (not source ports)


**** please remember to rate useful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card