Cisco Support Community
ASA5550 access-list with object-groups. Getting an error. Need help

ASA 5550. Version 7.1(2). I'm getting the following error when configuring an access-list with object-groups:

ERROR: extra command argument(s)

Usage:

This is what I have. Don't know what's wrong. Please help.

object-group network XYZ_MGMT_NETS
 description XYZ Management Networks
 network-object 10.110.64.0 255.255.248.0
 network-object 10.110.100.0 255.255.252.0
 network-object 10.110.124.0 255.255.252.0

object-group service MGMT_APPS tcp-udp
 description XYZ Management Apps
 port-object eq 123
 port-object eq tacacs
 port-object eq 69
 port-object eq 162
 port-object eq 514

object-group protocol PROT
 description protocols (tcp/udp) for XYZ Mgmt
 protocol-object ip
 protocol-object tcp
 protocol-object udp

access-list acl_manage3 extended permit object-group PROT any object-group XYZ_MGMT_NETS object-group MGMT_APPS

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: ASA5550 access-list with object-groups. Getting an error. Ne

Could there be a problem with your protocol group, assuming I am reading it right, with an ip object inside of a tcp/udp protocol group? If tcp/udp protocols are a subset of ip, will the protocol group still work?

New Member

Re: ASA5550 access-list with object-groups. Getting an error. Ne

That was it. Thank you. I removed the "protocol-object ip" from the PROT object-group and voila it worked. Thanks once again.

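The fix reported in this thread can be checked before a configuration is pasted into the firewall. The script below is an added example, not part of the original posts or Cisco tooling: it flags any access-list entry that references a port (service) object-group together with a protocol object-group containing members other than tcp or udp. The function names and the condensed sample configuration are constructed for illustration, and the tcp/udp-only rule is an assumption drawn from the accepted answer.

```python
import re

# Constructed sample: the configuration from the question, condensed.
SAMPLE_CONFIG = """\
object-group network XYZ_MGMT_NETS
 network-object 10.110.64.0 255.255.248.0
object-group service MGMT_APPS tcp-udp
 port-object eq 123
object-group protocol PROT
 protocol-object ip
 protocol-object tcp
 protocol-object udp
access-list acl_manage3 extended permit object-group PROT any object-group XYZ_MGMT_NETS object-group MGMT_APPS
"""
PORT_CAPABLE = {"tcp", "udp"}  # assumption: only these can be paired with port groups

def parse_groups(config):
    """Return {name: (kind, [members])} for every object-group in the config."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group (\S+) (\S+)", line)
        if m:
            current = m.group(2)
            groups[current] = (m.group(1), [])
        elif current and line[:1] == " ":
            words = line.split()
            if words and words[0].endswith("-object"):  # skips description lines
                groups[current][1].append(" ".join(words[1:]))
        else:
            current = None  # any other top-level line ends the group
    return groups

def lint_acls(config):
    """Flag ACEs mixing a port group with a protocol group that has non-TCP/UDP members."""
    groups, findings = parse_groups(config), []
    for line in config.splitlines():
        if not line.startswith("access-list "):
            continue
        refs = [n for n in re.findall(r"object-group (\S+)", line) if n in groups]
        if not any(groups[n][0] == "service" for n in refs):
            continue  # no port group on this entry, nothing to conflict with
        for name in (n for n in refs if groups[n][0] == "protocol"):
            bad = [p for p in groups[name][1] if p not in PORT_CAPABLE]
            if bad:
                findings.append((line.split()[1], name, bad))
    return findings

if __name__ == "__main__":
    for acl, group, bad in lint_acls(SAMPLE_CONFIG):
        print(f"{acl}: protocol group {group} has {bad} but the entry also uses a port group")
```

Run against the sample, it reports `acl_manage3` and the `ip` member of `PROT`; with that line removed, as in the final reply, it reports nothing.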