01-19-2011 07:47 AM - edited 03-11-2019 12:37 PM
Hi experts,
Here are my relevant configs on the ASA 5510 running 8.3(2)
object network Obj_ABC_ICS
host 192.168.55.11
!
object-group network ObjGrp_ABC_IP
network-object host 1.2.3.4
object-group service ObjGrp_ABC_Ports
service-object tcp destination eq 3389
service-object tcp destination eq www
service-object tcp destination eq https
!
Then, when I try to create an ACL with the following command, I get the error:
access-list ACL_test extended permit tcp object-group ObjGrp_ABC_IP object Obj_ABC_ICS object-group ObjGrp_ABC_Ports
ERROR: specified object group <ObjGrp_ABC_Ports> has wrong type; expecting service type
...
It's indeed the service type!!!
What did I do wrong? I also saw the "protocol" type object-group. What's the difference between "service" type and "protocol" type?
Thanks!
01-19-2011 08:15 AM
Hello,
You are using enhanced object groups. Please try the following:
access-list ACL_test extended permit object-group ObjGrp_ABC_Ports object-group ObjGrp_ABC_IP object Obj_ABC_ICS
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv
Hope this helps.
Regards,
NT
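The rule behind the answer above, as an added example that is not part of the original thread: an "object-group service" declared without a protocol (service-object members, as in the question) takes the place of the protocol keyword in the ACL, while one declared with tcp, udp or tcp-udp (port-object members) goes in the port position. This Python sketch lints a config for that mistake; the ACL grammar is simplified, and ObjGrp_Legacy_Ports, ACL_ok and ACL_legacy are constructed names.

```python
import re

# Constructed sample: the thread's groups plus a hypothetical port-type group.
SAMPLE = """\
object-group network ObjGrp_ABC_IP
 network-object host 1.2.3.4
object-group service ObjGrp_ABC_Ports
 service-object tcp destination eq 3389
object-group service ObjGrp_Legacy_Ports tcp
 port-object eq 3389
access-list ACL_test extended permit tcp object-group ObjGrp_ABC_IP object Obj_ABC_ICS object-group ObjGrp_ABC_Ports
access-list ACL_ok extended permit object-group ObjGrp_ABC_Ports object-group ObjGrp_ABC_IP object Obj_ABC_ICS
access-list ACL_legacy extended permit tcp object-group ObjGrp_ABC_IP object Obj_ABC_ICS object-group ObjGrp_Legacy_Ports
"""

GROUP_RE = re.compile(r"^object-group\s+(network|service|protocol)\s+(\S+)(?:\s+(tcp-udp|tcp|udp))?\s*$")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(?:permit|deny)\s+(.*)$")

def classify_groups(config):
    """Map group name -> 'network', 'protocol', 'service-enhanced' or 'service-port'."""
    kinds = {}
    for line in config.splitlines():
        m = GROUP_RE.match(line.strip())
        if m:
            kind, name, proto = m.groups()
            if kind == "service":
                # A protocol after the name means a port-type (port-object) group.
                kind = "service-port" if proto else "service-enhanced"
            kinds[name] = kind
    return kinds

def lint_acls(config):
    """Return (acl_name, message) for service groups used in the wrong ACL position."""
    kinds, findings = classify_groups(config), []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        acl, tokens = m.group(1), m.group(2).split()
        # Token 0 is the protocol position (simplified grammar, an assumption).
        for i, tok in enumerate(tokens[:-1]):
            kind = kinds.get(tokens[i + 1]) if tok == "object-group" else None
            if kind == "service-enhanced" and i > 0:
                findings.append((acl, f"{tokens[i + 1]}: enhanced service group must replace the protocol keyword"))
            elif kind == "service-port" and i == 0:
                findings.append((acl, f"{tokens[i + 1]}: port-type service group belongs in the port position"))
    return findings

if __name__ == "__main__":
    print(lint_acls(SAMPLE))
```

Only ACL_test, the line from the question, is reported; the corrected line from the answer and the port-type variant pass.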