Solved: fwsm- adding protocol object groups - Cisco Community

537

Views

4

Helpful

3

Replies

I am trying to create ACL using object groups which contain protocols in 6500 FWSM configuration.

I have a list of protocols that has to be identified by tcp port numner;

for example: tcp ports 33000, 8095, 8090 etc. But I can only see the protocol numbers only in the range of 0 to 255 in the FWSM ocnfig.

Is there any other way that I can group this protocoil numnbers ?

1 Accepted Solution

Accepted Solutions

You need to add a service object (layer 4 service) and not a protocol object (layer 3 protocol like ospf,tcp,udp etc.)

Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv

Please rate if helpful.

Regards

Farrukh

View solution in original post

3 Replies 3

kindly send me the sw version you are using on your fwsm module using

fwsm# sh version

Also read table D-5 in the following url

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/ports_f.html#wp1045623

Don't mix up port numbers (http://www.iana.org/assignments/port-numbers, used in TCP and UDP only) and IP protocol numbers (http://www.iana.org/assignments/protocol-numbers).

You need to add a service object (layer 4 service) and not a protocol object (layer 3 protocol like ospf,tcp,udp etc.)

Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#serv

Please rate if helpful.

Regards

Farrukh

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card