Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
10
Helpful
3
Replies

can ACL do this

Go to solution
QFX527518
Level 1
Level 1

‎10-29-2009 12:34 AM - edited ‎03-06-2019 08:21 AM

like fire policy,on the router or the switch,user can first define the application service,the when user define the ACL,can use the define-service.like this:

define app-service1 tcp= 1812,1813,udp=1813,1646

ip access extend test

permit ip host t1 host t2 service app-service1

permit ip host t3 service app-service1 host t4

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cameron.moody
Level 1
Level 1

‎10-29-2009 12:47 AM

Hi,

It sure can with object-groups

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_object_group_acl.html

eg object-group service myservices

tcp 1812

udp 1813

udp 1646

object-group network myservers

host 1.1.1.1

host 2.2.2.2

network 10.10.10.0 255.255.255.0

Hope this helps

Please rate if helpful

View solution in original post

3 Replies 3

Go to solution
cameron.moody
Level 1
Level 1

‎10-29-2009 12:47 AM

Hi,

It sure can with object-groups

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_object_group_acl.html

eg object-group service myservices

tcp 1812

udp 1813

udp 1646

object-group network myservers

host 1.1.1.1

host 2.2.2.2

network 10.10.10.0 255.255.255.0

Hope this helps

Please rate if helpful

Go to solution
tachyon05
Level 1
Level 1
In response to cameron.moody

‎11-16-2009 08:54 AM

yes it can. however, i am running into issues with router crashing, as soon as i configure IPsec. in the link you provided, it does say "ipsec is not supported". i am just not sure if things will work if i only use IPsec on ACLs that have nothing to do with VPNs, and only use old style ACLs (without object groups) on ACLs that have anything to do with VPNs. Still trying ...

0 Helpful

Go to solution
QFX527518
Level 1
Level 1
In response to cameron.moody

‎11-23-2009 10:49 PM

thx.our company device's IOS not support the object_ACL.only wait new device and new ios.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card