06-21-2007 08:22 AM - edited 03-11-2019 03:33 AM
ASA 5550. Version 7.1(2). I'm getting the following error when configuring an access-list with object-groups:
ERROR: extra command argument(s)
Usage:
This is what i have. Don't know whats wrong. Please help.
object-group network XYZ_MGMT_NETS
description XYZ Management Networks
network-object 10.110.64.0 255.255.248.0
network-object 10.110.100.0 255.255.252.0
network-object 10.110.124.0 255.255.252.0
object-group service MGMT_APPS tcp-udp
description XYZ Management Apps
port-object eq 123
port-object eq tacacs
port-object eq 69
port-object eq 162
port-object eq 514
object-group protocol PROT
description protocols (tcp/udp) for XYZ Mgmt
protocol-object ip
protocol-object tcp
protocol-object udp
access-list acl_manage3 extended permit object-group PROT any object-group XYZ_MGMT_NETS object-group MGMT_APPS
Solved! Go to Solution.
06-21-2007 10:53 AM
Could there be a problem with your protocol group, -assuming I am reading it right, with an ip object inside of a tcp/udp protocol group? If tcp/udp protocols are a subset of ip will the protocol group still work?
06-21-2007 10:53 AM
Could there be a problem with your protocol group, -assuming I am reading it right, with an ip object inside of a tcp/udp protocol group? If tcp/udp protocols are a subset of ip will the protocol group still work?
06-21-2007 12:04 PM
That was it. Thank you. I removed the "protocol-object ip" from the PROT object-group and voila it worked. Thanks once again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide