Solved: ASA Extended Access-List with Object Group

faiqmahdi · ‎01-24-2016

Hi

Just for the curiosity, how we can create an extended access-list with Object Group with my example:

show object-group

object-group network SSL
network-object 10.30.40.0 255.255.255.0
network-object 10.30.58.31 255.255.255.255

My-FW(config)# access-list SPLIT_TUNNEL extended permit object-group ?

configure mode commands/options:
WORD Service or protocol object-group name

My-FW(config)# access-list SPLIT_TUNNEL permit object-group SSL
ERROR: Invalid object-group type

Currently I am using with Standard Access-List but I want to move on Extended Access Lists with Object Group:

access-list SPLIT_TUNNEL standard permit 10.30.40.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit host 10.30.58.31

Thanks.

Shivapramod M · ‎01-24-2016

Hi,

You should be able to create the access list. But you need to mention the protocol before the object group.

access-list SPLIT_TUNNEL extended permit ip object-group SSL any

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Shivapramod M · ‎01-24-2016

Hi,

You should be able to create the access list. But you need to mention the protocol before the object group.

access-list SPLIT_TUNNEL extended permit ip object-group SSL any

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

faiqmahdi · ‎01-25-2016

Thanks it worked.