Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
3
Replies

Need help with an object-group on PIX 506

mark
Level 1
Level 1

‎03-02-2009 07:46 PM - edited ‎03-11-2019 07:59 AM

I need to group the following ports for a VoIP device.

514 UDP

1194 UDP

3480 UDP

49000-50000 UDP

443 TCP

I obviously don't want to make 1000+ entries in the PIX config, and I'm a tad confused on the object-group and then how to apply it.

Single IP, translated from the interface to 192.168.1.5. What commands will I need? Thanks so much for any help.

Labels:
0 Helpful
3 Replies 3

vikram_anumukonda
Level 3
Level 3

‎03-03-2009 04:20 AM

object-group service VOIP_TCP tcp

port-object eq 443

!

object-gropu service VOIP_UDP udp

port-object eq 514

port-object eq 1194

port-object eq 3480

port-object range 49000 50000

!

access-list TESTACL permit tcp any any object-group VOIP_TCP

access-list TESTACL permit udp any any object-group VOIP_UDP

!

is this what you are looking for ?

0 Helpful

mark
Level 1
Level 1
In response to vikram_anumukonda

‎03-03-2009 07:36 AM

Yes. The config on this PIX is a bit older and using static/conduit commands (I know it's outdated). What is the static command for those port mappings?

0 Helpful

vikram_anumukonda
Level 3
Level 3
In response to mark

‎03-03-2009 07:53 AM

sorry mark, I didn't get the static part of your question.

which code are you running btw ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card