Hi,
I'm looking at the object-group based ACLs, and I can't quite understand how to configure destination ports properly.
For example, I want to permit SSH through an interface...
In the old days this would be:
access-list 123 permit tcp 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255 eq 22
The object-group syntax seems to be:
permit 'service object-group' 'source address object-group' 'destination address object-group'
So how can I restrict the SSH traffic to the destination object-group only? Does the 'service object-group' apply to the source or destination addresses or both?
I was expecting something like this:
permit tcp object-group SOURCE object-group DEST object-group SSH
where the object groups are source address ranges, destination address ranges and destination ports.
Cheers, Simmo.