ASDM bug with network object groups??

Unanswered Question
Apr 3rd, 2009
I have a possible bug when creating an Access Rule that happens sporadically.

When using a Network Object Group with 3 members as the Destination, the ACL blocks the source that I want to permit. However, when I break up the Network Object Group into 3 individual destination hosts, the ACL works fine.

Has anyone experienced this???

ASA5520 Version 8.0(4)

ASDM 6.1

Thanks much

ivillegas Thu, 04/09/2009 - 15:17

To use object groups in an access list, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with the object-group grp_id parameter.

For example, to use object groups for all available parameters in the access-list {tcp | udp} command, enter the following command:

hostname(config)# access-list access_list_name [line line_number] [extended] {deny | permit} {tcp | udp}
    object-group nw_grp_id [object-group svc_grp_id]
    object-group nw_grp_id [object-group svc_grp_id]
    [log
    [inactive | time-range time_range_name]

You do not have to use object groups for all parameters; for example, you can use an object group for the source address, but identify the destination address with an address and mask.
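As an added illustration of the syntax above (not the original poster's configuration, and not from the replies), here is the three-member destination object group the question describes next to its expanded per-host equivalent, with the show and packet-tracer commands used to check which entry actually matches. Group name, ACL name, interface name and the RFC 5737 addresses are constructed for the example.

```cisco
! --- Constructed example: three destination hosts in one network object group ---
object-group network DMZ_SERVERS
 network-object host 192.0.2.10
 network-object host 192.0.2.11
 network-object host 192.0.2.12
!
! Source host permitted to all three members on TCP/443; the group is used
! in the destination position, the source stays an ordinary host entry.
access-list OUTSIDE_IN extended permit tcp host 198.51.100.5 object-group DMZ_SERVERS eq 443
access-list OUTSIDE_IN extended deny ip any any
access-group OUTSIDE_IN in interface outside
!
! --- Equivalent expanded form (what the ASA evaluates internally) ---
! access-list OUTSIDE_IN extended permit tcp host 198.51.100.5 host 192.0.2.10 eq 443
! access-list OUTSIDE_IN extended permit tcp host 198.51.100.5 host 192.0.2.11 eq 443
! access-list OUTSIDE_IN extended permit tcp host 198.51.100.5 host 192.0.2.12 eq 443
!
! --- Checks ---
! Shows the group line plus its expanded entries with per-entry hit counts;
! a hitcnt that only grows on the deny entry points at ordering or membership.
show access-list OUTSIDE_IN
! Confirms the group membership the running config actually holds.
show running-config object-group id DMZ_SERVERS
! Simulates one flow through the ACL and reports which entry matched.
packet-tracer input outside tcp 198.51.100.5 40000 192.0.2.10 443
```

Comparing the hit counts on the expanded entries against those of the equivalent per-host ACEs is the quickest way to tell whether the group itself or the rule ordering is blocking the source.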

roshan.maskey Thu, 04/09/2009 - 16:19

Could you post your object group and the access list used for that object group?
