Creating object-groups on a pix 515 ios 7.1

Unanswered Question
Mar 31st, 2006

I am attempting to create object-groups to make the management of the access list easier. I am planning on using network, protocol, service and icmp-type groups.


Here is one of the object containers:


object-group protocol tunnel-protocol
 description Protocols allowed across VPN Tunnel to Tiffany
 protocol-object ip
 protocol-object udp
 protocol-object tcp
 protocol-object icmp

object-group service tunnel-service tcp
 description Services allowed across VPN Tunnel to Tiffany
 port-object eq ssh
 port-object eq www
 port-object eq https
 port-object eq 3690
 port-object eq 3306

object-group network vpn_philippines
 description Networks allowed for VPN Tunnel Philippines Side
 network-object host 203.82.38.76
 network-object host 203.82.38.77
 network-object host 203.82.38.78
 exit

object-group network vpn_tiffany
 description Networks allowed for VPN Tunnel Tiffany Side
 network-object host 70.169.128.236
 network-object host 70.169.128.237
 network-object host 70.169.128.238
 exit



My concern is applying these and whether they are configured correctly.

Patrick Laidlaw Sat, 04/01/2006 - 23:42

Hello,

Your object groups look fine, but I think you're going a little overboard using the protocol group. Usually people use one group for IP addys/networks and maybe a services group in a rule.

From what I see, you're going to use this for VPN matching or for the access-list inside.

Don't get too overzealous with your groups if there is no need.

Patrick


phillips.w Sun, 04/02/2006 - 17:38

Thanks for the help. I will remove the protocol group and enter one line in the ACL for each protocol.


Thanks
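The following is an added example of how the posted groups can be applied on PIX 7.x, written to match the outcome the thread reaches (no protocol group, one ACE per protocol); it is not configuration from either poster. The ACL names tunnel_acl and vpn_tiffany_match, the crypto map name outside_map with sequence 20, and the interface name outside are assumed.

```cisco
! Added example, not from the thread. Assumed names: tunnel_acl, vpn_tiffany_match,
! outside_map, interface "outside". The three object-groups are taken from the post.
!
! Service groups in PIX 7.x carry a transport protocol; the tcp group holds the ports.
object-group service tunnel-service tcp
 port-object eq ssh
 port-object eq www
 port-object eq https
 port-object eq 3690
 port-object eq 3306
!
! One ACE per protocol, as Patrick suggests. Ports apply to the tcp line only;
! ICMP is narrowed to echo/echo-reply instead of permitting every icmp type.
access-list tunnel_acl extended permit tcp object-group vpn_philippines object-group vpn_tiffany object-group tunnel-service
access-list tunnel_acl extended permit icmp object-group vpn_philippines object-group vpn_tiffany echo
access-list tunnel_acl extended permit icmp object-group vpn_philippines object-group vpn_tiffany echo-reply
access-group tunnel_acl in interface outside
!
! Crypto ACL for the tunnel: host-to-host match between the two network groups, no ports.
access-list vpn_tiffany_match extended permit ip object-group vpn_tiffany object-group vpn_philippines
crypto map outside_map 20 match address vpn_tiffany_match
!
! Verification: the PIX expands each object-group into individual ACEs with hit counts.
show access-list tunnel_acl
show running-config object-group
```

Check the expanded output of show access-list after a test connection; a tcp ACE with zero hits while the icmp lines increment usually means the port or direction is wrong rather than the group itself.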
