using different service port in access rules

M Mohammed
Level 1

Hi,

 

I am configuring an access rule where I have created a service port tcp/udp 3389, and in addition to that I am adding an icmp group port (0, 3 and 8), but I am getting an error message:

"service cannot contain services of different types"

Any advice?

Thanks

MM

1 Accepted Solution


Hi Mohammed,

 

You cannot use both tcp and icmp service in the same access control entry.

You can create separate objects for tcp and icmp service and can call them in separate access control entries.

Please let me know if you have any concern.

The only way out is:

 

To create a protocol group for TCP, UDP, and ICMP, enter the following commands:

hostname (config)# object-group protocol tcp_udp_icmp

hostname (config-protocol)# protocol-object tcp

hostname (config-protocol)# protocol-object udp

hostname (config-protocol)# protocol-object icmp

and then use this protocol object in ACL.

 

For detailed info, please refer to the link below:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/objectgroups.html#wp1098519

 

 

Please mark this post as helpful and accept it as solution if it resolves your concern.

 

BR

shivdube

EX-CISCO TAC Engg
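
The separate-objects approach from the answer above, written out for the ports and ICMP types in the question. This is an added example, not part of the original post: the group names, ACL name, interface name and documentation-range addresses are assumptions, and the syntax follows the ASA 8.2 object-group guide linked in the answer.

```cisco
! Constructed example: all names and addresses below are placeholders.
! Protocol group limited to the two protocols that carry port numbers.
object-group protocol TCPUDP
 protocol-object tcp
 protocol-object udp
! Port group usable with both TCP and UDP (port 3389 from the question).
object-group service RDP_PORTS tcp-udp
 port-object eq 3389
! ICMP types 0, 3 and 8 from the question, kept in their own group
! because ICMP is matched by type, not by port.
object-group icmp-type ICMP_ALLOWED
 icmp-object echo-reply
 icmp-object unreachable
 icmp-object echo
! ACE 1: TCP and UDP 3389, from a constructed management subnet only.
access-list OUTSIDE_IN extended permit object-group TCPUDP 198.51.100.0 255.255.255.0 host 192.0.2.10 object-group RDP_PORTS
! ACE 2: the ICMP types, in a separate entry.
access-list OUTSIDE_IN extended permit icmp 198.51.100.0 255.255.255.0 host 192.0.2.10 object-group ICMP_ALLOWED
! Bind the ACL to the interface (interface name is an assumption).
access-group OUTSIDE_IN in interface outside
```

`show access-list OUTSIDE_IN` expands the object groups into individual entries with hit counts, which makes it easy to confirm that only the intended protocol, port and ICMP type combinations are permitted.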
