Cisco Support Community

How to group objects in PIX525

I want to group objects to deny packets from a stock site:

(config)#object-group service not_allowed_ports tcp
(config-service)#port-object eq 6788
(config-service)#port-object eq 7777
(config-service)#port-object eq 8082
......
(config-service)#port-object eq 26119
(config)#access-list 119 deny tcp any object-group not_allowed_ports

Is it possible?

Thanks in advance.

1 REPLY

Re: How to group objects in PIX525

Yes, but don't forget source/destination on the acl. This is an example of what I am using right now:

object-group network wizards
  network-object 10.0.0.111 255.255.255.255
  network-object 10.0.0.102 255.255.255.255
object-group network Admins
  network-object 10.200.200.75 255.255.255.255
  network-object 10.200.200.76 255.255.255.255
object-group service e_TCP tcp
  description TCP Service Group
  port-object range 6363 6364
object-group service e_UDP udp
  description UDP Service Group
  port-object eq snmp
  port-object eq snmptrap

access-list inside_access_in permit tcp object-group Admins object-group wizards object-group e_TCP
access-list inside_access_in permit udp object-group Admins object-group wizards object-group e_UDP

Hope it helps.

Steve
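
Added example, not part of the posts above and not Cisco code: a simplified Python model of extended-ACL token order that shows which role each object-group plays in the question's ACL line and in the reply's. The `any` destination in `FIXED` is an assumption, and the address-and-mask form is not modelled.

```python
# Added example: simplified model of extended-ACL token order, not Cisco's parser.
def group_types(config):
    """Map each object-group name to its type ('network' or 'service')."""
    types = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "object-group":
            types[tok[2]] = tok[1]
    return types

def _take(tok, i, types, kind):
    """Consume one address ('network') or port ('service') spec starting at tok[i]."""
    rest = tok[i:]
    if kind == "network" and rest[:1] == ["any"]:
        return "any", i + 1
    if kind == "network" and rest[:1] == ["host"] and len(rest) > 1:
        return rest[1], i + 2
    if kind == "service" and rest[:1] == ["eq"] and len(rest) > 1:
        return rest[1], i + 2
    if kind == "service" and rest[:1] == ["range"] and len(rest) > 2:
        return rest[1] + "-" + rest[2], i + 3
    if rest[:1] == ["object-group"] and len(rest) > 1 and types.get(rest[1]) == kind:
        return "group " + rest[1], i + 2
    return None, i  # nothing of this kind here (address/mask form is not modelled)

def check_ace(line, types):
    """Assign tokens in order: source, [source ports], destination, [destination ports]."""
    tok = line.split()
    i = 4  # skip: access-list <id> <permit|deny> <protocol>
    out = {}
    for field, kind in (("src", "network"), ("src_ports", "service"),
                        ("dst", "network"), ("dst_ports", "service")):
        out[field], i = _take(tok, i, types, kind)
    out["complete"] = None not in (out["src"], out["dst"]) and i == len(tok)
    return out

# Group headers taken from the thread; port and host members are not needed here.
CONFIG = """object-group service not_allowed_ports tcp
object-group network wizards
object-group network Admins
object-group service e_TCP tcp"""
TYPES = group_types(CONFIG)
ASKED = "access-list 119 deny tcp any object-group not_allowed_ports"
FIXED = "access-list 119 deny tcp any any object-group not_allowed_ports"  # 'any' destination is an assumption
REPLY = "access-list inside_access_in permit tcp object-group Admins object-group wizards object-group e_TCP"

if __name__ == "__main__":
    for ace in (ASKED, FIXED, REPLY):
        print(check_ace(ace, TYPES), "<-", ace)
```

In this model the question's line puts the service group in the source-port position and has no destination, while the line with an explicit destination applies the group to destination ports.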
