Unable to add object-group to acl

rakyomin78
Level 1

Hi,

I have encountered a problem which puzzles me.

Here are my object-groups:

object-group network fserve
 network-object host fserve-active
 network-object host fserve-standby
object-group service fserve-services
 service-object tcp eq www
 service-object tcp eq ftp
object-group icmp-type test-connection
 icmp-object echo
 icmp-object echo-reply
 icmp-object unreachable
 icmp-object time-exceeded
object-group network dmz-hosts
 group-object fserve
object-group service dmz-services
 group-object fserve-services
object-group network inside-hosts
 description define inside hosts
 network-object 172.16.0.0 255.255.0.0
object-group protocol dmz-ports
 protocol-object tcp

I am trying to add a service object group, but the ASA refuses and says it is an error. Here's what I type:

access-list pub->dmz extended permit object-group dmz-ports any object-group dmz-hosts object-group dmz-services

Here's what ASA said:

ERROR: specified object group <dmz-services> has wrong type; expecting service type

I would like to know what has gone wrong... dmz-services is indeed a service object-group, but the ASA refused to accept it.

Thanks.

3 Replies

haivrajesh
Level 1

You have to mention group-object fserver-services >> whatever is included in it needs to be added to the same; only then will it work.

Rajeswar

Thank you for your reply, but sorry I do not understand what you mean.

If you mean dmz-services did not include group-object fserve-services, then look again at the object group config.

object-group service dmz-services
 group-object fserve-services

I have fixed the problem.
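Added example, not posted by anyone in the thread: in ASA extended ACL syntax, a service group declared without `tcp`, `udp` or `tcp-udp` (one built from `service-object` lines) is referenced in the protocol position right after `permit`/`deny`, while the position after the destination takes a port-type group. The Python check below applies that rule to the configuration and ACE posted above; the names `group_kinds`, `check_ace`, `FIXED_ACE` and the label `service-mixed` are this example's own.

```python
import re

# Object-groups the ACE references, as posted in the thread.
CONFIG = """\
object-group network fserve
 network-object host fserve-active
 network-object host fserve-standby
object-group service fserve-services
 service-object tcp eq www
 service-object tcp eq ftp
object-group network dmz-hosts
 group-object fserve
object-group service dmz-services
 group-object fserve-services
object-group protocol dmz-ports
 protocol-object tcp
"""
ACE = ("access-list pub->dmz extended permit object-group dmz-ports any "
       "object-group dmz-hosts object-group dmz-services")
# Constructed for this example: the service group moved to the protocol slot.
FIXED_ACE = ("access-list pub->dmz extended permit object-group dmz-services "
             "any object-group dmz-hosts")

def group_kinds(config):
    """Map group name -> kind; a service group with no tcp/udp keyword is 'service-mixed'."""
    kinds = {}
    for line in config.splitlines():
        m = re.match(r"object-group (\S+) (\S+)(?: (tcp-udp|tcp|udp))?\s*$", line)
        if m:
            kind, name, proto = m.groups()
            if kind == "service":
                kind = "service-port" if proto else "service-mixed"
            kinds[name] = kind
    return kinds

def check_ace(ace, kinds):
    """Return one finding per object-group used in a slot that rejects its kind."""
    tokens = ace.split()
    proto_slot = next(i for i, t in enumerate(tokens) if t in ("permit", "deny")) + 1
    findings = []
    for i in [i for i, t in enumerate(tokens[:-1]) if t == "object-group"]:
        name = tokens[i + 1]
        kind = kinds.get(name, "undefined")
        wants_proto_slot = kind in ("protocol", "service-mixed")
        if kind == "undefined" or (i == proto_slot) != wants_proto_slot:
            slot = "protocol" if i == proto_slot else "address/port"
            findings.append(f"{name}: {kind} group in {slot} slot")
    return findings
```

`check_ace(ACE, group_kinds(CONFIG))` reports `dmz-services` in the wrong slot, and the same call on `FIXED_ACE` returns no findings.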
