Service Objects and Groups in ASDM

Answered Question
May 10th, 2010

I have been using ASDM for some time

now.  I have always had a quesiton about what exactly Service Groups are that are built using the Service type TCP/UDP vs.  ones that are specifically TCP or UDP.  Out of fear I have always built Service Groups for TCP only or for UDP only.

Lets say I need a Service Group that needs ports 102, 20000, and 21000 in it, but I am unsure if the ports need to be UDP or TCP.  If I create the Service Group using type TCP/UDP, will it allow both TCP and UDP in for the specific port?

Thanks

Kevin

Correct Answer by Jon Marshall about 6 years 9 months ago

k-melton wrote:

I have been using ASDM for some time

now.  I have always had a quesiton about what exactly Service Groups are that are built using the Service type TCP/UDP vs.  ones that are specifically TCP or UDP.  Out of fear I have always built Service Groups for TCP only or for UDP only.

Lets say I need a Service Group that needs ports 102, 20000, and 21000 in it, but I am unsure if the ports need to be UDP or TCP.  If I create the Service Group using type TCP/UDP, will it allow both TCP and UDP in for the specific port?

Thanks

Kevin

Kevin

Yes it would. In fact that is exactly what service objects are used for ie. so you don't have to create 2 separate groups, one for TCP and one for UDP. So you would configure "object-group service tcp-udp" and then simply use service-objects to add your ports.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Mon, 05/10/2010 - 10:26

k-melton wrote:

I have been using ASDM for some time

now.  I have always had a quesiton about what exactly Service Groups are that are built using the Service type TCP/UDP vs.  ones that are specifically TCP or UDP.  Out of fear I have always built Service Groups for TCP only or for UDP only.

Lets say I need a Service Group that needs ports 102, 20000, and 21000 in it, but I am unsure if the ports need to be UDP or TCP.  If I create the Service Group using type TCP/UDP, will it allow both TCP and UDP in for the specific port?

Thanks

Kevin

Kevin

Yes it would. In fact that is exactly what service objects are used for ie. so you don't have to create 2 separate groups, one for TCP and one for UDP. So you would configure "object-group service tcp-udp" and then simply use service-objects to add your ports.

Jon

Actions

This Discussion