Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
3
Replies

PIX Object-group command

tckoon
Level 1
Level 1

‎02-24-2004 11:45 PM - edited ‎02-20-2020 11:15 PM

How can I combine the TCP & UDP service into one object-group ?

object-group service DGCORP_UDP1 udp

port-object eq 1000

port-object eq 8000

object-group service DGCORP_TCP1 tcp

port-object eq 3365

port-object eq 4445

Regards.

0 Helpful
3 Replies 3

laje
Level 1
Level 1

‎02-25-2004 02:31 AM

Theoretically, object groups can be nested as long as they are of the same type. This should do the job

object-group protocol BOTHDGCORPS

description combine DGCORP_UDP1 and DGCORP_TCP1 PROTOCOL OBJECTS

protocol-object DGCORP_UDP1

protocol-object DGCORP_TCP1

Then reference BOTHDGCORPS when u want to use it.

Cheers

0 Helpful

laje
Level 1
Level 1

‎02-25-2004 04:04 AM

Ignore my earlier posting.I mixed what I was doing with the answer meant for you.

Try this.

object-group service BOTHDGCORP tcp-udp

description combining DGCORPUDP1 AND DGCORPTCP1

group-object DGCORP_UDP1

group-object DGCORP_TCP1

ref BOTHDGCORP when used.

0 Helpful

tckoon
Level 1
Level 1
In response to laje

‎02-25-2004 05:58 PM

Hi, thanks for answer.

Another question is how should I apply it to access-list ? As the BOTHDGCORP consist of udp and tcp.

Does this correct ?

access-list outside permit ip any any BOTHDGCORP

OR

object-group protocol tcp_udp

protocol-object udp

protocol-object tcp

access-list outside permit object-group tcp_udp any any BOTHDGCORP

Regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card