can ACL do this

Answered Question
Oct 29th, 2009

Like a firewall policy, on the router or the switch, can the user first define the application service, and then, when defining the ACL, reference the defined service? Like this:

define app-service1 tcp= 1812,1813,udp=1813,1646

ip access extend test

permit ip host t1 host t2 service app-service1

permit ip host t3 service app-service1 host t4

Correct Answer by cameron.moody about 7 years 2 months ago

Hi,

It sure can with object-groups

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_object_group_acl.html

e.g.

object-group service myservices

tcp 1812

udp 1813

udp 1646

object-group network myservers

host 1.1.1.1

host 2.2.2.2

network 10.10.10.0 255.255.255.0

Hope this helps

Please rate if helpful

Overall Rating: 5 (3 ratings)
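The following is an added example, not part of the original answer, showing how the service and network object-groups from the reply are referenced from an extended ACL and applied to an interface. It mirrors the RADIUS ports (1812, 1813, 1646) from the question; the group names, the addresses (10.0.0.x, 10.10.20.0/24) and the interface are assumed placeholders. Port entries are written with the `eq` keyword used in IOS service object-groups.

```text
! Service object-group: the RADIUS ports from the question (assumed names)
object-group service RADIUS-SVC
 tcp eq 1812
 tcp eq 1813
 udp eq 1813
 udp eq 1646
!
! Network object-groups: RADIUS servers and the NAS clients allowed to reach them
! (addresses are placeholders)
object-group network RADIUS-SERVERS
 host 10.0.0.11
 host 10.0.0.12
!
object-group network NAS-CLIENTS
 10.10.20.0 255.255.255.0
!
! Extended ACL: permit <service-group> <source> <destination>
! One ACE replaces four per-port lines; changing the group updates every ACL that uses it
ip access-list extended RADIUS-IN
 permit object-group RADIUS-SVC object-group NAS-CLIENTS object-group RADIUS-SERVERS
 deny ip any any log
!
! Apply inbound on the interface facing the NAS clients (interface is a placeholder)
interface GigabitEthernet0/1
 ip access-group RADIUS-IN in
!
! Verify the expansion and hit counts
! show object-group
! show ip access-lists RADIUS-IN
```

The benefit from a policy-management point of view is that the ACE stays unchanged when a server or port is added to the group, so the ACL is easier to review. As the linked guide and the comment below note, this style of ACL is not supported together with IPsec on the platforms of that era, so crypto ACLs still need to be written as classic extended ACLs.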
tachyon05 Mon, 11/16/2009 - 08:54

Yes it can. However, I am running into issues with the router crashing as soon as I configure IPsec. In the link you provided, it does say "IPsec is not supported". I am just not sure if things will work if I only use IPsec on ACLs that have nothing to do with VPNs, and only use old-style ACLs (without object groups) on ACLs that have anything to do with VPNs. Still trying ...

QFX527518 Mon, 11/23/2009 - 22:49

Thanks. Our company's device IOS does not support object-group ACLs; we can only wait for a new device and a new IOS.
