Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Acess-list with an object-group

I have a pix515e ver 6.3

I defined a object-group

eg. pix1(config)#obect-group network mxly

network-object 200.65.23.0 0.0.0.0

network-object """"" " "

network-object 202.65.30.0 0.0.0.0

pix(config)#access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

the error is invalid ip address mxly.

How can I use or what is the correct context to use the object-group in my access-list as the source.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Acess-list with an object-group

Hi

In addition to previous post you need to modify your acl ie.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

3 REPLIES
New Member

Re: Acess-list with an object-group

For the network-object command, use a network mask. For example:

network-object 200.65.23.0 255.255.255.0

It looks as if you are trying to use a wildcard mask.

Other than that, it looks fine.

Hall of Fame Super Blue

Re: Acess-list with an object-group

Hi

In addition to previous post you need to modify your acl ie.

access-list outside_acl permit tcp mxly 67.90.0.34 eq 25

should be

access-list outside_acl permit tcp object-group mxly host 67.90.0.34 eq 25

HTH

Jon

New Member

Re: Acess-list with an object-group

Good call....I should have caught that as I use object groups all of the time.

tdalago911, did this fix your problem?

111
Views
0
Helpful
3
Replies
CreatePlease login to create content