
ASA 8.4 Object-Group, syntax query

smoothnetworks
Level 1

Hi

I have:-

!
object-group network WEB_SITES
 network-object object www.123.de
 network-object object www.123.com
 network-object object www.123.eu
 network-object object www.123.fr
 network-object object www.123.nl
 network-object object www.123.be
!
sh run object-group service
object-group service 80443
 service-object tcp destination eq www
 service-object tcp destination eq https
!
!

I want to allow any source to access destination "WEB_SITES" on the ports in "80443"

I tried,

access-list OUTSIDE extended permit tcp any object-group WEB_SITES object-group 80443

and got

"ERROR: specified object group <80443> has wrong type; expecting service type"

BUT if I query the syntax, it asks for?

access-list OUTSIDE extended permit tcp any object-group WEB_SITES ?
configure mode commands/options:
  eq            Port equal to operator
  gt            Port greater than operator
  inactive      Keyword for disabling an ACL element
  log           Keyword for enabling log option on this ACL element
  lt            Port less than operator
  neq           Port not equal to operator
  object-group  Optional service object-group for destination port
  range         Port range operator
  time-range    Keyword for attaching time-range option to this ACL element
  <cr>

access-list OUTSIDE extended permit tcp any object-group WEB_SITES object-group ?
configure mode commands/options:
  WORD  Service object-group name for destination port

What am I doing wrong? I'm sure you can allow destination to a group of ports!!

It's late and my head hurts

I'm on:-

sh ver
Cisco Adaptive Security Appliance Software Version 8.4(2)
Device Manager Version 6.4(9)
Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "disk0:/asa842-k8.bin"

Regards,

1 Accepted Solution

Julio Carvajal
VIP Alumni

Hello,

It should be today:

access-list OUTSIDE extended permit object-group 80443 any object-group WEB_SITES

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
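
The placement rule behind the accepted answer, as an added example that is not part of the original thread: a service group built from service-object entries carries its own protocol and goes where the protocol keyword would go, while a group declared with a protocol and port-object entries goes in the port position after `permit tcp`. The sketch below checks ACL lines against that rule; the group name WEB_PORTS and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread's config; WEB_PORTS is a hypothetical port-object group.
SAMPLE_CONFIG = """\
object-group network WEB_SITES
object-group service 80443
 service-object tcp destination eq www
 service-object tcp destination eq https
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
access-list OUTSIDE extended permit tcp any object-group WEB_SITES object-group 80443
access-list OUTSIDE extended permit object-group 80443 any object-group WEB_SITES
access-list OUTSIDE extended permit tcp any object-group WEB_SITES object-group WEB_PORTS
"""

GROUP_RE = re.compile(r"^object-group (network|service) (\S+)(?: (tcp|udp|tcp-udp))?$")
ACL_RE = re.compile(r"^access-list (\S+) extended (?:permit|deny) (.+)$")

def group_kinds(config):
    """Map each object-group name to 'network', 'service' (service-object) or 'port' (port-object)."""
    kinds = {}
    for line in config.splitlines():
        m = GROUP_RE.match(line.rstrip())
        if m:
            kind, name, proto = m.groups()
            kinds[name] = "network" if kind == "network" else ("port" if proto else "service")
    return kinds

def lint_acls(config):
    """Return (line_number, message) for each object-group used in the wrong ACE slot."""
    kinds, findings = group_kinds(config), []
    for n, line in enumerate(config.splitlines(), 1):
        m = ACL_RE.match(line.strip())
        tok = m.group(2).split() if m else []
        # Every (token position, group name) pair introduced by the object-group keyword.
        refs = [(i, tok[i + 1]) for i in range(len(tok) - 1) if tok[i] == "object-group"]
        for pos, name in refs:
            kind = kinds.get(name)
            if kind is None:
                findings.append((n, f"{name}: object-group not defined"))
            elif pos == 0 and kind == "port":
                findings.append((n, f"{name}: port-object group cannot fill the protocol slot"))
            elif pos > 0 and kind == "service":
                findings.append((n, f"{name}: service-object group belongs in the protocol slot"))
    return findings

if __name__ == "__main__":
    print(*lint_acls(SAMPLE_CONFIG), sep="\n")
```

Only the first sample ACL line, the one from the question, is flagged; the accepted answer's form and the port-object alternative both pass.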
