cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
507
Views
0
Helpful
3
Replies

Acess-list with an object-group

tdalago911
Level 1
Level 1

I have a pix515e ver 6.3

I defined a object-group

eg. pix1(config)#obect-group network mxly

network-object 200.65.23.0 0.0.0.0

network-object """"" " "

network-object 202.65.30.0 0.0.0.0

pix(config)#access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

the error is invalid ip address mxly.

How can I use or what is the correct context to use the object-group in my access-list as the source.

Thanks

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Hi

In addition to previous post you need to modify your acl ie.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

View solution in original post

3 Replies 3

derrickc
Level 1
Level 1

For the network-object command, use a network mask. For example:

network-object 200.65.23.0 255.255.255.0

It looks as if you are trying to use a wildcard mask.

Other than that, it looks fine.

Jon Marshall
Hall of Fame
Hall of Fame

Hi

In addition to previous post you need to modify your acl ie.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

derrickc
Level 1
Level 1

Good call....I should have caught that as I use object groups all of the time.

tdalago911, did this fix your problem?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: