Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ACL with object-group to object-group and port definitions

Hello,

I have a scenario where I have multiple print servers on my outside interface that need to print/communicate to printers on my inside interface. I have setup a 1 to 1 nat for the printers but need to figure out the ACl for it. My thought was to group all my outside print servers together in one object-group and group all my inside printer networks in another object-group and then put all the ports in an another object-group then write the acl as follows

 

access-list ALLOW-OUTSIDE-to-INSIDE-PRINTING extended permit object-group PRINTER-PORTS object-group OUTSIDE-PRINT-SERVERS object-group INSIDE-PRINTERS

but all I get after the first object-group parameter is a return option <CR>. The code running on the ASA is 8.6. Is this possible? Do I need to upgrade to the latest 9.x code?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

You have to have created the

You have to have created the object-group service before you try this command. (That is right, even before you press "Enter", when you use "?" to see the command syntax if the name of the service group you used in the line doesn't exist ASA won't show the rest of the command.)

 

2 REPLIES
Bronze

You have to have created the

You have to have created the object-group service before you try this command. (That is right, even before you press "Enter", when you use "?" to see the command syntax if the name of the service group you used in the line doesn't exist ASA won't show the rest of the command.)

 

Community Member

Thank you guibarati.

Thank you guibarati.

83
Views
0
Helpful
2
Replies
CreatePlease to create content