Cisco Support Community
nat policy failed if you use object-group in access-list

Hey guys, anybody know about any issues with policy and access-list object-group?

I tried to make this config and PIX returned an error:

The config was this:

object-group network 202_1_15_15
  network-object 10.0.0.0 255.255.248.0
  network-object 10.1.102.0 255.255.255.0
  network-object 10.2.0.0 255.255.192.0
  network-object 10.2.64.0 255.255.192.0
  network-object 10.2.192.0 255.255.192.0
  network-object 10.3.47.0 255.255.255.0
  network-object 10.3.247.0 255.255.255.0
  network-object 10.3.251.0 255.255.255.0
  network-object 10.5.0.0 255.255.240.0
  network-object 10.5.16.0 255.255.252.0
access-list nat_outside1 permit ip object-group 202_1_15_15 any
nat (inside) 1515 acccess-list nat_outside1
global (outside) 1515 202.1.1.15

When I applied the nat command this error was displayed:

ERROR: Invalid ip address <access-list>

The PIX version is 6.3.3

I tried this on an ASA, and the config was permitted without a problem.

Let me know any input.

Regards.

Gerard

1 REPLY
Re: nat policy failed if you use object-group in access-list

Is that the actual config copied and pasted into your post? Because you have 3 "c's" in the word access-list in your nat statement.
