Cisco Support Community

New Member

can ACL do this

Like a firewall policy, on the router or the switch, the user can first define the application service, then when the user defines the ACL, can use the defined service. Like this:

define app-service1 tcp= 1812,1813,udp=1813,1646

ip access extend test

permit ip host t1 host t2 service app-service1

permit ip host t3 service app-service1 host t4

Accepted Solutions
New Member

Re: can ACL do this

Hi,

It sure can, with object-groups:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_object_group_acl.html

e.g.

object-group service myservices
 tcp 1812
 udp 1813
 udp 1646

object-group network myservers
 host 1.1.1.1
 host 2.2.2.2
 network 10.10.10.0 255.255.255.0

Hope this helps

Please rate if helpful

3 REPLIES
New Member

Re: can ACL do this

Yes, it can. However, I am running into issues with the router crashing as soon as I configure IPsec. In the link you provided, it does say "ipsec is not supported". I am just not sure if things will work if I only use IPsec on ACLs that have nothing to do with VPNs, and only use old-style ACLs (without object groups) on ACLs that have anything to do with VPNs. Still trying ...

New Member

Re: can ACL do this

Thx. Our company device's IOS does not support the object_ACL. We can only wait for a new device and new IOS.
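Where object-group ACLs are unavailable, or an ACL has to stay in the old style as in the IPsec case mentioned in the thread, the same policy can be written out as classic extended ACL entries. The following is an added example, not code from the thread or from Cisco: it expands the accepted answer's groups into per-entry `permit` lines and converts the group's subnet mask into the wildcard mask that classic entries use. The function names, the ACL name `test` (borrowed from the question), the single source host, and the choice of `myservers` as the destination are assumptions made for illustration.

```python
import ipaddress

# Group contents copied from the accepted answer.
SERVICES = [("tcp", 1812), ("udp", 1813), ("udp", 1646)]
SERVERS = ["host 1.1.1.1", "host 2.2.2.2", "network 10.10.10.0 255.255.255.0"]


def acl_address(member):
    """Turn one network group member into classic ACL address syntax."""
    parts = member.split()
    # The answer writes the subnet with a leading "network" keyword;
    # accept the member with or without it.
    if parts and parts[0] == "network":
        parts = parts[1:]
    if len(parts) == 2 and parts[0] == "host":
        return f"host {ipaddress.IPv4Address(parts[1])}"  # validates the address
    if len(parts) == 2:
        # The group member carries a subnet mask; a classic ACL entry wants
        # the inverse (wildcard) mask, which ipaddress calls the hostmask.
        # strict=True rejects entries with host bits set (10.10.10.1/24).
        net = ipaddress.IPv4Network(f"{parts[0]}/{parts[1]}", strict=True)
        if net.prefixlen == 32:
            return f"host {net.network_address}"
        return f"{net.network_address} {net.hostmask}"
    raise ValueError(f"unsupported group member: {member!r}")


def expand(name, sources, destinations, services):
    """Return classic extended ACL lines: one permit per
    (service, source, destination) combination, matching destination ports."""
    lines = [f"ip access-list extended {name}"]
    for proto, port in services:
        if proto not in ("tcp", "udp") or not 0 < port < 65536:
            raise ValueError(f"bad service entry: {proto} {port}")
        for src in sources:
            for dst in destinations:
                lines.append(f" permit {proto} {acl_address(src)} "
                             f"{acl_address(dst)} eq {port}")
    return lines


if __name__ == "__main__":
    # Constructed source host (documentation address range), not from the thread.
    print("\n".join(expand("test", ["host 192.0.2.10"], SERVERS, SERVICES)))
```

The entry count is services x sources x destinations, so large groups expand into long ACLs; that growth is the cost of not having object groups.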
