10-03-2017 11:11 PM - edited 02-21-2020 06:25 AM
Hi Guys,
I saw the configuration below on Cisco ASA 9.1(7)16. The network object group is calling a service object group. Is this a valid configuration?
====================================
object-group service HTTPS_433 tcp
port-object eq 433
object-group network WEB
network-object host WWW_A
network-object host WWW_B
group-object HTTPS_433
====================================
10-05-2017 12:47 AM
That would not be a valid configuration stanza. Network object groups can contain multiple network objects as well as inline networks. For services, you would need to use a service group.
10-05-2017 04:42 AM
That's my understanding as well. But I'm very surprised the ASA allows the configuration.
10-05-2017 05:10 AM - edited 10-05-2017 05:11 AM
It appears they have fixed that bug in a subsequent release:
asav(config)# object-group service HTTPS_433 tcp
asav(config-service-object-group)# port-object eq 433
asav(config-service-object-group)#
asav(config-service-object-group)#
asav(config-service-object-group)#
asav(config-service-object-group)# object-group network WEB
asav(config-network-object-group)# network-object host WWW_A
asav(config-network-object-group)# network-object host WWW_B
asav(config-network-object-group)# group-object HTTPS_433
Adding obj to object-group (WEB) failed; obj and group type inconsistent
asav(config-network-object-group)# end
asav#
asav#
asav# sh ver
Cisco Adaptive Security Appliance Software Version 9.8(1)7
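
Since the 9.1(7)16 release in the question accepted the mismatched nesting while 9.8(1)7 rejects it, an existing configuration can be audited offline for the same condition. The following is an added example, not part of the thread and not Cisco tooling: a Python check that flags any `group-object` whose group type differs from its parent's. The function name and the sample text (the stanza from the question, re-indented) are constructed for illustration.

```python
import re

# Constructed sample: the stanza from the question, indented as in "show running-config".
SAMPLE_CONFIG = """\
object-group service HTTPS_433 tcp
 port-object eq 433
object-group network WEB
 network-object host WWW_A
 network-object host WWW_B
 group-object HTTPS_433
"""

HEADER = re.compile(r"^\s*object-group\s+(\S+)\s+(\S+)")   # type, then name
NESTED = re.compile(r"^\s*group-object\s+(\S+)")

def find_type_mismatches(config_text):
    """Return (parent, parent_type, child, child_type) for every group-object
    whose type differs from its parent's; child_type is None if undefined."""
    types = {}    # group name -> type keyword (network, service, ...)
    refs = []     # (parent, child) pairs in file order
    current = None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        nested = NESTED.match(line)
        if header:
            current = header.group(2)
            types[current] = header.group(1)
        elif nested and current is not None:
            # Assumption: a group-object line belongs to the most recent
            # object-group header, so flattened (unindented) pastes also work.
            refs.append((current, nested.group(1)))
    # Resolve after the full pass so definition order does not matter.
    findings = []
    for parent, child in refs:
        child_type = types.get(child)
        if child_type != types[parent]:
            findings.append((parent, types[parent], child, child_type))
    return findings

if __name__ == "__main__":
    for parent, ptype, child, ctype in find_type_mismatches(SAMPLE_CONFIG):
        print(f"{parent} ({ptype}) nests {child} ({ctype or 'undefined'})")
```

Only the group type keyword is compared; any further nesting rules the ASA enforces are outside what this check covers.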