How to group objects in PIX525

Unanswered Question
Sep 30th, 2002

I want to group objects to deny packets from a stock site.


(config)#object-group service not_allowed_ports tcp

(config-service)#port-object eq 6788

(config-service)#port-object eq 7777

(config-service)#port-object eq 8082

......

(config-service)#port-object eq 26119


(config)#access-list 119 deny tcp any object-group not_allowed_ports



Is it possible?

Thanks in advance.

steve.barlow Mon, 09/30/2002 - 04:06

Yes, but don't forget source/destination on the ACL. This is an example of what I am using right now:

object-group network wizards

network-object 10.0.0.111 255.255.255.255

network-object 10.0.0.102 255.255.255.255

object-group network Admins

network-object 10.200.200.75 255.255.255.255

network-object 10.200.200.76 255.255.255.255

object-group service e_TCP tcp

description TCP Service Group

port-object range 6363 6364

object-group service e_UDP udp

description UDP Service Group

port-object eq snmp

port-object eq snmptrap

access-list inside_access_in permit tcp object-group Admins object-group wizards object-group e_TCP

access-list inside_access_in permit udp object-group Admins object-group wizards object-group e_UDP

Hope it helps.

Steve
