Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASDM bug with network object groups??

I have a possible bug when creating an Access Rule that happens sporatically.

When using a Network Object Group with 3 members as the Destination, the ACL blocks the source that I want to permit. However, when I break up the Network Object Group into 3 individual destination hosts, the ACL works fine.

Has anyone experienced this???

ASA5520 Version 8.0(4)

ASDM 6.1

Thanks much


Re: ASDM bug with network object groups??

To use object groups in an access list, replace the normal protocol (protocol), network (source_address mask, etc.), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id parameter.

For example, to use object groups for all available parameters in the access-list {tcp | udp} command, enter the following command:

hostname(config)# access-list access_list_name [line line_number] [extended] {deny |

permit} {tcp | udp} object-group nw_grp_id [object-group svc_grp_id] object-group

nw_grp_id [object-group svc_grp_id] [log [[level] [interval secs] | disable | default]]

[inactive | time-range time_range_name]

You do not have to use object groups for all parameters; for example, you can use an object group for the source address, but identify the destination address with an address and mask.

New Member

Re: ASDM bug with network object groups??


Could you post your object group and the access list used for that object group.