Solved: Re: ASA 5525- strange CLI symptom / error. Please help.

jmaxwellUSAF · ‎01-03-2023

Hello.

Please see screenshot. I am unable to configure an ACL because of the below strange CLI error. Maybe it has to do with the long input on one line. May you please assist?

Thank you.

jmaxwellUSAF · ‎01-03-2023

I solved the symptom, though I don't know why this solved it-- I removed "line 5500" so it now reads...

#access-list Split_Tunnel_ACL extended permit ip object-group object VENDOR_IP_GROUP1 object VPN-Pool

View solution in original post

Rob Ingram · ‎01-03-2023

@jmaxwellUSAF it's probably something wrong with the syntax, can you provide the full syntax?

MHM Cisco World · ‎01-03-2023

are you add service (L4 port ) to the ACL extended IP ?
I dont think this work
you need to use ACL extended tcp/udp and then you can use service object group

jmaxwellUSAF · ‎01-03-2023

here is the full (obfuscated) code..

#object network MY_VPN_Pool
#subnet 172.16.1.0 255.255.255.0
#object-group network VENDOR_IP_GROUP1
#network-object host 1.2.3.4
#access-list Split_Tunnel_ACL extended line 50 permit ip object-group VENDOR_IP_GROUP1 object MY_VPN_Pool

MHM Cisco World · ‎01-03-2023

I will lab this and check

jmaxwellUSAF · ‎01-03-2023

I solved the symptom, though I don't know why this solved it-- I removed "line 5500" so it now reads...

#access-list Split_Tunnel_ACL extended permit ip object-group object VENDOR_IP_GROUP1 object VPN-Pool