I want to replace the following:
access-list 101 permit tcp host 192.168.50.100 eq www any
access-list 101 permit tcp host 192.168.50.100 eq 443 any
I figured I could just create a service group and create the ACL.
object-group service WebServices
ip access-list extended 188
permit tcp host 192.168.50.100 eq WebServices ( <--problem here)
'permit tcp host 192.168.50.100 eq ?' doesn't give me the option of adding a service object group. 'permit tcp host 192.168.50.100 ?' only allows network object groups. And applying the service object group at 'permit ?' doesn't make sense (don't know if it's source or destination ports).

When I look here: http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_object_group_acl_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1113487
It says I should be able to put a service object group directly behind the network object group. But this isn't the case for me. 'permit tcp object-group WebServers ?' only allows network object groups.

I'm running Version 12.4(24)T1 on a 7206. Anyone know how to use this properly? TIA.