Strange Inside ACL Issue

jonhill
Level 1

We've been having a few problems over the past week or so with Objects and Object groups.

What we have is an object group called HTTP out which contains around 120 objects and 10 object groups, this object group is part of a rule any source to HTTP out on IP service.

One of the object groups contains a class C subnet for an external application along with other addresses for this application.

What we've found is that no users trying to connect to an address in this subnet works, but if we put the same subnet in its own rule above the HTTP out rule it works fine.

Are there any limits on the number of objects you can have in any one object group and what else can I look to see why connections to this subnet don't work when it's part of the HTTP out object group?

Any help or advice would be much appreciated.

Thanks

Jon

3 Replies

Maykol Rojas
Cisco Employee

Hi Jon,

Would you be able to remove the Rule (assuming that is still on as a workaround) and run a packet tracer? Maybe it is not even hitting it.

Mike Rojas

Mike