ASDM bug with network object groups??

chendav11
Level 1

I have a possible bug when creating an Access Rule that happens sporadically.

When using a Network Object Group with 3 members as the Destination, the ACL blocks the source that I want to permit. However, when I break up the Network Object Group into 3 individual destination hosts, the ACL works fine.

Has anyone experienced this???

ASA5520 Version 8.0(4)

ASDM 6.1

Thanks much

2 Replies

ivillegas
Level 6

To use object groups in an access list, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with the object-group grp_id parameter.

For example, to use object groups for all available parameters in the access-list {tcp | udp} command, enter the following command:

hostname(config)# access-list access_list_name [line line_number] [extended] {deny | permit} {tcp | udp} object-group nw_grp_id [object-group svc_grp_id] object-group nw_grp_id [object-group svc_grp_id] [log [[level] [interval secs] | disable | default]] [inactive | time-range time_range_name]

You do not have to use object groups for all parameters; for example, you can use an object group for the source address, but identify the destination address with an address and mask.
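
The syntax above applied to a rule like the one in the question, together with the show commands that reveal what ended up in the running configuration. This is an added example, not part of the original post; the group name, access list name, interface name and all addresses are hypothetical.

```cisco
! Added example: every name and address below is hypothetical.
! Network object group with three host members, used as the destination.
hostname(config)# object-group network DEST_SERVERS
hostname(config-network)# network-object host 10.1.1.10
hostname(config-network)# network-object host 10.1.1.11
hostname(config-network)# network-object host 10.1.1.12
hostname(config-network)# exit
! One rule that references the group as the destination...
hostname(config)# access-list outside_in extended permit tcp host 192.0.2.50 object-group DEST_SERVERS eq 80
! ...is meant to match the same traffic as these three per-host rules:
!   access-list outside_in extended permit tcp host 192.0.2.50 host 10.1.1.10 eq 80
!   access-list outside_in extended permit tcp host 192.0.2.50 host 10.1.1.11 eq 80
!   access-list outside_in extended permit tcp host 192.0.2.50 host 10.1.1.12 eq 80
hostname(config)# access-group outside_in in interface outside
hostname(config)# exit
! Check what was actually written to the configuration.
hostname# show running-config object-group
hostname# show running-config access-list outside_in
! show access-list prints the group rule expanded per member, with hit counts.
hostname# show access-list outside_in
! Simulate one flow through the firewall and see which rule decides it.
hostname# packet-tracer input outside tcp 192.0.2.50 1025 10.1.1.10 80
```

Comparing the expanded entries and their hit counters with the per-host version shows whether the group rule was written as expected and where it sits relative to other entries, since the ASA evaluates an access list top-down and stops at the first match.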

roshan.maskey
Level 1

Hi,

Could you post your object group and the access list used for that object group?
