Access-list with an object-group

Answered Question
Mar 25th, 2008

I have a PIX 515E ver 6.3.

I defined an object-group

e.g. pix1(config)#object-group network mxly

network-object 200.65.23.0 0.0.0.0

network-object """"" " "

network-object 202.65.30.0 0.0.0.0

pix(config)#access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

The error is invalid ip address mxly.

How can I use, or what is the correct context to use, the object-group in my access-list as the source?

Thanks

derrickc Tue, 03/25/2008 - 19:03

For the network-object command, use a network mask. For example:

network-object 200.65.23.0 255.255.255.0

It looks as if you are trying to use a wildcard mask.

Other than that, it looks fine.

Correct Answer
Jon Marshall Wed, 03/26/2008 - 00:29

Hi

In addition to the previous post, you need to modify your ACL, i.e.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

derrickc Wed, 03/26/2008 - 06:39

Good call... I should have caught that, as I use object groups all of the time.

tdalago911, did this fix your problem?
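
The two fixes from the answers above (a netmask on network-object, and the object-group and host keywords in the ACL) can be checked mechanically before a config is pasted into the firewall. The following Python sketch is an added example, not code from any poster or from Cisco; `lint` and `_ip` are hypothetical names, and it assumes ACL addresses are written as `host <ip>` or `<ip> <netmask>` and covers only the mistakes discussed in this thread.

```python
import ipaddress

# Constructed sample: the configuration lines from the question, as posted.
QUESTION_CONFIG = """\
object-group network mxly
 network-object 200.65.23.0 0.0.0.0
 network-object 202.65.30.0 0.0.0.0
access-list outside_acl permit tcp mxly 67.90.0.34 eq 25
"""

def _ip(tok):
    """Return tok as a 32-bit int if it is a dotted IPv4 address, else None."""
    try:
        return int(ipaddress.IPv4Address(tok))
    except ValueError:
        return None

def lint(config):
    """Return (line_number, message) findings for the mistakes in this thread."""
    findings, groups = [], set()
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if t[:2] == ["object-group", "network"] and len(t) >= 3:
            groups.add(t[2])                      # remember defined group names
        elif t[:1] == ["network-object"] and len(t) == 3:
            addr, mask = _ip(t[1]), _ip(t[2])
            if addr is None or mask is None:      # e.g. "network-object host x"
                continue
            inv = mask ^ 0xFFFFFFFF
            if inv & (inv + 1):                   # mask bits are not ones-then-zeros
                findings.append((n, "mask is not a netmask (wildcard mask?)"))
            elif addr & inv:                      # address bits fall outside the mask
                findings.append((n, "address does not fit mask (wildcard mask?)"))
        elif t[:1] == ["access-list"]:
            for i, tok in enumerate(t):
                prev = t[i - 1] if i else ""
                nxt = t[i + 1] if i + 1 < len(t) else ""
                if i >= 3 and tok in groups and prev != "object-group":
                    findings.append((n, f"group {tok} needs the object-group keyword"))
                elif (_ip(tok) is not None and prev != "host"
                      and _ip(prev) is None and _ip(nxt) is None):
                    findings.append((n, f"address {tok} needs 'host' or a netmask"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(QUESTION_CONFIG):
        print(f"line {n}: {msg}")
```
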
