object-group network WEB_SITES
network-object object www.123.de
network-object object www.123.com
network-object object www.123.eu
network-object object www.123.fr
network-object object www.123.nl
network-object object www.123.be
sh run object-group service
object-group service 80443
service-object tcp destination eq www
service-object tcp destination eq https
I want to allow any source to access destinaton "WEB_SITES" on the pots in "80443"
access-list OUTSIDE extended permit tcp any object-group WEB_SITES object-group 80443
"ERROR: specified object group <80443> has wrong type; expecting service type"
BUT if query the syntax, it asks for?
access-list OUTSIDE extended permit tcp any object-group WEB_SITES ?
configure mode commands/options:
eq Port equal to operator
gt Port greater than operator
inactive Keyword for disabling an ACL element
log Keyword for enabling log option on this ACL element
lt Port less than operator
neq Port not equal to operator
object-group Optional service object-group for destination port
range Port range operator
time-range Keyword for attaching time-range option to this ACL element
access-list OUTSIDE extended permit tcp any object-group WEB_SITES object-group ?
WORD Service object-group name for destination port
What am I doing wrong? Im sure you can allow destination to a group of ports!!
It's late and my head hurts
Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(9)
Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "disk0:/asa842-k8.bin"
Go to Solution.
It should be today:
access-list OUTSIDE extended permit object-group 80443 any object-group WEB_SITES
View solution in original post
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: