Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
10
Helpful
2
Replies

ASA ACL entry: 1 source with 2 destinations?

Go to solution
jmaxwellUSAF
VIP
VIP

‎01-02-2023 09:25 AM - edited ‎01-02-2023 09:45 AM

Hi.

GIVEN:

"access-list Outside_access_in extended permit tcp 170.100.1.0 255.255.240.0 object OBJECT1 object-group GROUP2"

Does the above mean "Permit tcp from source 170.100.1.0/20 to object OBJECT1 and object-group GROUP2"?

Thank you!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-02-2023 09:30 AM - edited ‎01-02-2023 09:31 AM

@jmaxwellUSAF OBJECT1 = the destination network object and GROUP2 = the group of services (tcp services).

So permit 173.245.48.0/255.255.240.0 to OBJECT1 networks using the tcp services in GROUP2.

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎01-02-2023 09:30 AM - edited ‎01-02-2023 09:31 AM

@jmaxwellUSAF OBJECT1 = the destination network object and GROUP2 = the group of services (tcp services).

So permit 173.245.48.0/255.255.240.0 to OBJECT1 networks using the tcp services in GROUP2.

Go to solution
MHM Cisco World
VIP
VIP

‎01-02-2023 09:31 AM

no the second object-group is for service (L4 port) not for IP.

Customers Also Viewed These Support Documents