Object-group Access control list

newbie_08 · ‎11-10-2021

Hi there,

I need to implement ACL in router using object group method. The scenario is host(1.1.1.1) send images to 3 servers ( 2.2.2.2,3.3.3.3, 4.4.4.4) via tcp port 3320,104,2104 and the host retrieve data from the server via same port.

Appreciate your advise on this on how to implement.Please advice below config are correct

object-group network ACL_device
description device
host 1.1.1.1
!
object-group service server_Port
description Service Port
tcp eq 3320
tcp eq 104
tcp eq 2104
!

object-group network ACL_server
description server
host 2.2.2.2
host 3.3.3.3
host 4.4.4.4
!

ip access-list extended ACL_XX
remark device to send data to server
permit object-group ACL_device object-group server_Port object-group ACL_server
remark device to retrive data from server
permit object-group ACL_server object-group server_Port object-group ACL_device
!
int Po1
ip access-group ACL_XX in 
ip access-group ACL_XX out

Object-group Access control list

Re: Access Control Lists (ACL) Explained

Configuring Dynamic Access Control List

Secure Access: Network Tunnel Groupの接続におけるFTDのECMP設定例

ACCESS-CONTROL LIST

Network Access Control Guided Resources