Community Member

How to create an object-group with ACL

Hi,

On a Cisco 2911 router, how do I create a network object with port permissions in an ACL? Here is what I have done, but I couldn't succeed.

Ports 22 and 24 should be denied, and all the rest of the port services allowed, to the outside interface.

-----

object-group service SPVOIP

tcp eq 22

tcp eq 24

-------!

object-group network VOIP

77.240.X.0 255.255.255.0

77.240.X.0 255.255.255.0

77.240.X.0 255.255.255.0

77.240.X.0 255.255.255.0

host 74.125.236.119

---------

outside interface Ip: 182.72.152.X

ip access-group 102 in

------

------------(the network object listed above for VOIP should be denied at ports 22 and 24 and allowed on all other ports to the outside interface)

access-list 102 deny   object-group SPVOIP object-group VOIP 182.72.152.X 0.0.0.7   

access-list 102 permit ip object-group VOIP 182.72.152.X 0.0.0.7

access-list 102 deny   ip any any

----

Thanks

sreek
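
Added example (not from the original post, and not Cisco tooling): a small Python model of first-match evaluation for ACL 102 as posted, for checking which line catches a given packet before the list is applied to an interface. The X-masked addresses are replaced by constructed RFC 5737 documentation ranges, all function names are hypothetical, and the model assumes service entries are matched against the destination port.

```python
import ipaddress

# Constructed stand-ins: the post masks its addresses with "X", so RFC 5737
# documentation ranges replace them. All names below are hypothetical.
VOIP = [ipaddress.ip_network("198.51.100.0/24"),    # stands in for 77.240.X.0 255.255.255.0
        ipaddress.ip_network("74.125.236.119/32")]  # host entry from the post
SPVOIP = {("tcp", 22), ("tcp", 24)}                 # object-group service SPVOIP
OUTSIDE = ("203.0.113.0", "0.0.0.7")                # stands in for 182.72.152.X 0.0.0.7


def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)


def in_voip(src):
    return any(ipaddress.ip_address(src) in net for net in VOIP)


def to_outside(dst):
    return wildcard_match(dst, *OUTSIDE)


def in_spvoip(proto, dport):
    # Assumption of this model: the service group is tested on the destination port.
    return (proto, dport) in SPVOIP


def anything(*_):
    return True


# ACL 102 in the order posted: (action, service test, source test, destination test)
ACL_102 = [
    ("deny", in_spvoip, in_voip, to_outside),
    ("permit", anything, in_voip, to_outside),
    ("deny", anything, anything, anything),
]


def evaluate(src, dst, proto, dport):
    """Return (action, line number) of the first matching entry."""
    for line, (action, svc, src_ok, dst_ok) in enumerate(ACL_102, start=1):
        if svc(proto, dport) and src_ok(src) and dst_ok(dst):
            return action, line
    return "deny", 0  # implicit deny; unreachable here because line 3 matches everything
```

In this model TCP 23 (Telnet) from the VOIP group falls through to line 2 and is permitted, because the service group lists only 22 and 24; any source outside the VOIP group, or any destination outside the eight addresses covered by the 0.0.0.7 wildcard, lands on line 3.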

3 REPLIES
Purple

How to create an object-group with ACL

Hi,

Could you do a clear access-list counters, then send some traffic and do a sh access-list to see the hit counts?

Regards.

Alain

Don't forget to rate helpful posts.
Community Member

Re: How to create an object-group with ACL

Hi Alain/all,

I have done that, but I am still unable to reach 77.240.X.0 255.255.255.0, which I have allowed in the NAT policy and also in ACL 102 bound to the outside interface of my router.

Below I have attached files:

1. Config of the router

2. Ping replies with and without the ACL (using object-group) on the interface.

Can you please point out where I am stuck? I have been at this for almost three weeks; one thing or another has popped up.

Requirement:

Example: my router should communicate only with 77.240.X.0 and with no other outside IPs.

Also, 77.240.X.0 is denied on ports 22 and 24 for telnet or SSH and allowed on all ports to communicate with my router gateway.

Thanks

srikanth

Community Member

Re: How to create an object-group with ACL

Hi,

Can anyone please help me with this?

Regards,

srikanth
