I am trying to limit the amount of typing by creating groups and adding an ACL dependent on those groups; however, I cannot get it to work. Attached you will see (hopefully) what I am trying to accomplish. I need to allow a few remote hosts to contact a set of servers using Terminal Services. Using ACLs per device seems to work, but assigning one ACL using "object-groups" is not working. What am I missing? Any help is appreciated!
PIX 525 version 7.2
object-group service Term_Service tcp
 description Microsoft Terminal Services
 port-object eq 3389
object-group service web tcp
 description HTTP and HTTPS
 port-object eq https
 port-object eq www
This is how the ACL looks now, but it still is not working. When I create the individual ACL statements for each connection it works fine, and when issuing the "show access-list" command the statements look the same as they do when applied with object-group.
Are you sure that the traffic is coming into the ASA? I would try clearing the arp on the router in front of the ASA and/or reloading it. You might want to make sure that the router is forwarding the traffic to the ASA.