
ASA Access List Error | ERROR: % Incomplete command

Hassan Kashaf
Level 1

Hello Everyone,


I am trying to enter the following rule but I am getting an error. I have a similar rule already inside the firewall, so I don't really get what is wrong or how to go about troubleshooting it. Can anyone help?


access-list acl_inside extended permit object-group 16-09-08F 132.235.192.0 255.255.192.0 eq https log


(config-network)# access-list acl_inside extended permit object-group$

access-list acl_inside extended permit object-group 16-09-08F 132.235.192.0 255.
255.192.0 eq https log
                   ^
ERROR: % Invalid Hostname



SAME THING WITHOUT LOG

(config-network)# access-list acl_inside extended permit object-group$

access-list acl_inside extended permit object-group 16-09-08F 132.235.192.0 255.
255.192.0 eq https
ERROR: % Incomplete command


SAME STUPID ERROR,


THE RULE THAT IS SIMILAR;

# SH ACCess-list | I 132.235.192.0
access-list acl_inside line 2767 extended permit tcp object-group 16-06-29X-2 132.235.192.0 255.255.192.0 eq https


???????


I am not sure this warrants a case from Cisco?

FW100ABCx(config)# object-group network 16-09-08F
FW100ABCx(config-network)#  network-object host 172.191.235.136
Adding obj (network-object host 172.191.235.136) to grp (16-09-08F) failed; object already exists
FW100ABCx(config-network)#  network-object host 172.191.235.135
Adding obj (network-object host 172.191.235.135) to grp (16-09-08F) failed; object already exists
FW100ABCx(config-network)#  network-object host 172.191.235.134
Adding obj (network-object host 172.191.235.134) to grp (16-09-08F) failed; object already exists
FW100ABCx(config-network)#  network-object host 172.52.134.76
Adding obj (network-object host 172.52.134.76) to grp (16-09-08F) failed; object already exists
FW100ABCx(config-network)#
FW100ABCx(config-network)# access-list acl_inside extended permit object-group$

access-list acl_inside extended permit object-group 16-09-08F 132.235.192.0 255.255.192.0 eq 443
ERROR: % Incomplete command

1 Accepted Solution


Dinesh Moudgil
Cisco Employee

Hello Hassan,

You are missing the protocol keyword (tcp/udp).
Try this:

object-group network 16-09-08F
network-object host 172.191.235.136

access-list acl_inside extended permit tcp object-group 16-09-08F 132.235.192.0 255.255.192.0 

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
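
An added example (not from the original thread or from Cisco): a small Python pre-check that flags the mistake the accepted answer identifies, an extended access-list entry where a network object-group or an address follows permit/deny with no protocol keyword in between. The function names and the simplified grammar are assumptions; the sample config is constructed from the lines posted above.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ADDRESS_WORDS = {"host", "any", "any4", "any6"}

# Constructed sample: the failing line from the question and the corrected form.
SAMPLE = """\
object-group network 16-09-08F
 network-object host 172.191.235.136
access-list acl_inside extended permit object-group 16-09-08F 132.235.192.0 255.255.192.0 eq https
access-list acl_inside extended permit tcp object-group 16-09-08F 132.235.192.0 255.255.192.0 eq https
"""

def group_types(config):
    """Map each object-group name to its declared type (network, service, ...)."""
    types = {}
    for line in config.splitlines():
        m = re.match(r"\s*object-group\s+(\S+)\s+(\S+)", line)
        if m:
            types[m.group(2)] = m.group(1)
    return types

def check_acl(line, groups):
    """Return a finding if the protocol slot of an extended entry holds an address."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "access-list" or "extended" not in tok[2:]:
        return None                               # not an extended ACL line
    rest = tok[tok.index("extended", 2) + 1:]     # also skips an optional 'line N'
    if len(rest) < 2 or rest[0] not in ("permit", "deny"):
        return "nothing usable after 'extended'"
    slot = rest[1]                                # where the protocol belongs
    if slot == "object-group" and len(rest) > 2 and groups.get(rest[2]) == "network":
        return (f"network object-group '{rest[2]}' sits in the protocol slot; "
                "add the protocol keyword (e.g. tcp) before it")
    if slot in ADDRESS_WORDS or IPV4.match(slot):
        return f"address '{slot}' sits in the protocol slot; add the protocol keyword"
    return None                                   # protocol names/numbers pass

def lint(config):
    """Return (line_number, finding) pairs for every suspect ACL line."""
    groups = group_types(config)
    return [(n, msg) for n, line in enumerate(config.splitlines(), 1)
            if (msg := check_acl(line, groups))]

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```
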



Thanks Dinesh:)
