can ACL do this

Answered Question
Oct 29th, 2009

Like a firewall policy, on the router or the switch, the user can first define the application service, then when the user defines the ACL, can use this:

define app-service1 tcp= 1812,1813,udp=1813,1646

ip access extend test

permit ip host t1 host t2 service app-service1

permit ip host t3 service app-service1 host t4

Correct Answer by cameron.moody about 7 years 7 months ago


It sure can with object-groups

e.g.

object-group service myservices
 tcp 1812
 udp 1813
 udp 1646

object-group network myservers




Hope this helps

Please rate if helpful

Overall Rating: 5 (3 ratings)
tachyon05 Mon, 11/16/2009 - 08:54

Yes, it can. However, I am running into issues with the router crashing as soon as I configure IPsec. In the link you provided, it does say "ipsec is not supported". I am just not sure if things will work if I only use IPsec on ACLs that have nothing to do with VPNs, and only use old-style ACLs (without object groups) on ACLs that have anything to do with VPNs. Still trying ...

QFX527518 Mon, 11/23/2009 - 22:49

Thanks. Our company device's IOS does not support the object_ACL. We can only wait for a new device and a new IOS.
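
On an IOS image without object-group ACL support, as in the last reply, the same policy has to be written as one classic ACE per service, source and destination. The following is an added example, not code from the thread, that performs that expansion; the function name expand_acl, the group name myclients and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample data. "myservices" and "myservers" are the group names
# from the thread; "myclients" and every address are placeholders.
SERVICES = {"myservices": [("tcp", 1812), ("udp", 1813), ("udp", 1646)]}
NETWORKS = {
    "myclients": ["192.0.2.10"],
    "myservers": ["198.51.100.20", "198.51.100.21"],
}


def expand_acl(name, rules, services=SERVICES, networks=NETWORKS):
    """Expand (action, service_group, src_group, dst_group) rules into
    classic extended-ACL lines: one ACE per service x source x destination."""
    lines = [f"ip access-list extended {name}"]
    seen = set()
    for action, svc, src, dst in rules:
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        # An undefined or empty group would expand to zero ACEs and silently
        # change the resulting policy, so treat it as an error.
        for group, table in ((svc, services), (src, networks), (dst, networks)):
            if not table.get(group):
                raise KeyError(f"object group {group!r} is undefined or empty")
        for host in networks[src] + networks[dst]:
            ipaddress.IPv4Address(host)  # raises ValueError on a bad address
        for proto, port in services[svc]:
            if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
                raise ValueError(f"bad service entry {proto} {port}")
            for s in networks[src]:
                for d in networks[dst]:
                    ace = f" {action} {proto} host {s} host {d} eq {port}"
                    if ace not in seen:  # drop duplicates from overlapping rules
                        seen.add(ace)
                        lines.append(ace)
    return lines


if __name__ == "__main__":
    rule = ("permit", "myservices", "myclients", "myservers")
    print("\n".join(expand_acl("test", [rule])))
```

Three services, one source and two destinations expand to six ACEs, which is the growth the object-group form avoids having to maintain by hand.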

