Access-list with an object-group

Answered Question
Mar 25th, 2008

I have a pix515e ver 6.3

I defined an object-group

e.g. pix1(config)#object-group network mxly

network-object 200.65.23.0 0.0.0.0

network-object """"" " "

network-object 202.65.30.0 0.0.0.0

pix(config)#access-list outside_acl permit tcp mxly 67.90.0.34 eq 25


The error is invalid ip address mxly.

How can I use, or what is the correct context to use, the object-group in my access-list as the source?

Thanks

Overall Rating: 5 (1 ratings)
derrickc Tue, 03/25/2008 - 19:03

For the network-object command, use a network mask. For example:


network-object 200.65.23.0 255.255.255.0


It looks as if you are trying to use a wildcard mask.


Other than that, it looks fine.

Correct Answer
Jon Marshall Wed, 03/26/2008 - 00:29

Hi


In addition to the previous post, you need to modify your ACL, i.e.


access-list outside_acl permit tcp mxly 67.90.0.34 eq 25


should be


access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25


HTH


Jon

derrickc Wed, 03/26/2008 - 06:39

Good call....I should have caught that as I use object groups all of the time.


tdalago911, did this fix your problem?
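
Added example (not part of the original thread, and not Cisco code): a small Python lint that applies both corrections from the answers above to PIX-style lines, i.e. network masks instead of wildcard masks, and the object-group / host keywords in ACL addresses. The function names and the simplified grammar (action, protocol, source, destination only; no service or protocol groups) are assumptions of this example.

```python
import re
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def to_int(tok):
    """Dotted quad -> 32-bit int, or None if tok is not an IPv4 address."""
    if not IP_RE.match(tok) or any(int(p) > 255 for p in tok.split(".")):
        return None
    return int.from_bytes(bytes(int(p) for p in tok.split(".")), "big")

def check_pair(addr, mask):
    """Check an 'address mask' pair as used by network-object and ACL entries."""
    a, m = to_int(addr), to_int(mask)
    if a is None or m is None:
        return f"{addr} {mask}: not an address/mask pair"
    inv = ~m & 0xFFFFFFFF              # host bits of a network mask
    if inv & (inv + 1):                # ones not contiguous from the top, e.g. 0.0.0.255
        return f"{addr} {mask}: looks like a wildcard mask, use a network mask"
    if a & inv:                        # e.g. 200.65.23.0 with mask 0.0.0.0
        return f"{addr} {mask}: address has bits set outside the mask"
    return None

def check_acl(line, groups):
    """Findings for the source and destination of one access-list line."""
    tok = line.split() + [""] * 6      # padding so the look-ahead never overruns
    findings, i = [], 4                # tok[0:4]: access-list <id> <action> <protocol>
    for role in ("source", "destination"):
        t, nxt, step, problem = tok[i], tok[i + 1], 1, None
        if t in ("host", "object-group"):
            step = 2
            if t == "object-group" and nxt not in groups:
                problem = f"object-group {nxt} is not defined"
        elif to_int(t) is not None and to_int(nxt) is not None:
            step, problem = 2, check_pair(t, nxt)
        elif to_int(t) is not None:
            problem = f"{t} has no mask, write 'host {t}'"
        elif t in groups:
            problem = f"write 'object-group {t}'"
        elif t != "any":
            problem = f"invalid address {t!r}"
        if problem:
            findings.append(f"{role}: {problem}")
        i += step
    return findings

# Constructed sample: the thread's original ACL line and the corrected one.
BEFORE = "access-list outside_acl permit tcp mxly 67.90.0.34 eq 25"
AFTER = "access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25"
if __name__ == "__main__":
    print([check_acl(acl, {"mxly"}) for acl in (BEFORE, AFTER)])
```
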


