Cisco Support Community
New Member

ACL syntax problem

I have an ASA services module in a 6509-E that is giving me issues with regards to ACL syntax

Let's say I have a KMS server at 192.168.20.10

I want to allow all hosts to reach this server at port tcp 1688

so I do

object-group network KMS-SERVERS

host 192.168.20.10

then

access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688

Problem is, it WILL NOT take the "eq 1688".

This was a valid command in other IOS versions. Why isn't it working now?

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

ACL syntax problem

That is typically the case if the object-group is not available. That's the reason I asked what you *really* configured on your box.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
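A pre-flight check for the condition named in the accepted answer, as an added example that is not part of the original thread: it scans ASA configuration text for access-list entries that reference an object-group the text never defines, or one defined without any member line. The function name, the "no-members" heuristic and the sample configurations are assumptions made for this example; `network-object` is the ASA member keyword for network object-groups.

```python
import re

GROUP_DEF = re.compile(r"^object-group\s+\S+\s+(\S+)")  # object-group network NAME
GROUP_REF = re.compile(r"\bobject-group\s+(\S+)")        # reference inside an ACL line
# Member keywords the ASA CLI accepts inside an object-group block.
MEMBER = ("network-object", "group-object", "port-object",
          "service-object", "protocol-object", "icmp-object")


def check_group_refs(config_text):
    """Return (line_no, acl, group, reason) findings, in line order.

    reason is "undefined" when the text holds no definition for the group, or
    "no-members" when the definition has no recognised member line under it
    (a heuristic chosen for this example, not documented ASA behaviour).
    """
    members = {}      # group name -> number of member lines seen
    current = None    # group block currently being read, if any
    lines = [ln.strip() for ln in config_text.splitlines()]
    for ln in lines:
        m = GROUP_DEF.match(ln)
        if m:
            current = m.group(1)
            members.setdefault(current, 0)
        elif current and ln.startswith(MEMBER):
            members[current] += 1
        elif ln and not ln.startswith("description"):
            current = None    # any other command ends the group block
    findings = []
    for no, ln in enumerate(lines, 1):
        if not ln.startswith("access-list "):
            continue
        acl = ln.split()[1]
        for group in GROUP_REF.findall(ln):
            if group not in members:
                findings.append((no, acl, group, "undefined"))
            elif members[group] == 0:
                findings.append((no, acl, group, "no-members"))
    return findings


# Constructed samples: the lines as posted in the question, a variant using
# the network-object member form, and the ACL line with no group definition.
AS_POSTED = (
    "object-group network KMS-SERVERS\n"
    " host 192.168.20.10\n"
    "access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688\n")
WITH_MEMBER = AS_POSTED.replace(" host ", " network-object host ")
ACL_ONLY = AS_POSTED.splitlines()[2]
```

Object-group names are compared case-sensitively here, so a reference that differs from the definition only in case is reported as undefined.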


3 REPLIES
VIP Purple

ACL syntax problem

Is that really what you configured? Your object-group doesn't look as if what you show here is what you did on your ASA.

Please verify and show the exact terminal-output.

New Member

ACL syntax problem

Well, that is my question.

the command

access-list KMS-ACCESS-IN extended permit tcp any host 192.168.20.10 eq 1688

will work

access-list KMS-ACCESS-IN extended permit tcp any object-group KMS-SERVERS eq 1688

will not

I don't get any options after the object group.

This used to work.
