Cisco Support Community
Community Member

PIX Object-group command

How can I combine the TCP and UDP services into one object-group?

object-group service DGCORP_UDP1 udp
 port-object eq 1000
 port-object eq 8000

object-group service DGCORP_TCP1 tcp
 port-object eq 3365
 port-object eq 4445

Regards.

3 REPLIES
Community Member

Re: PIX Object-group command

Theoretically, object groups can be nested as long as they are of the same type. This should do the job:

object-group protocol BOTHDGCORPS
 description combine DGCORP_UDP1 and DGCORP_TCP1 PROTOCOL OBJECTS
 protocol-object DGCORP_UDP1
 protocol-object DGCORP_TCP1

Then reference BOTHDGCORPS when you want to use it.

Cheers

Community Member

Re: PIX Object-group command

Ignore my earlier posting. I mixed what I was doing with the answer meant for you.

Try this.

object-group service BOTHDGCORP tcp-udp
 description combining DGCORPUDP1 AND DGCORPTCP1
 group-object DGCORP_UDP1
 group-object DGCORP_TCP1

Reference BOTHDGCORP when used.

Community Member

Re: PIX Object-group command

Hi, thanks for the answer.

Another question is how I should apply it to an access-list, as BOTHDGCORP consists of udp and tcp.

Is this correct?

access-list outside permit ip any any BOTHDGCORP

OR

object-group protocol tcp_udp
 protocol-object udp
 protocol-object tcp

access-list outside permit object-group tcp_udp any any BOTHDGCORP

Regards.
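
An added example, not part of any post in this thread: a short Python check that flattens the object-groups posted above and lists which protocol/port pairs a combined tcp-udp group would open beyond the two original groups. It assumes the device accepts the nested group as posted and that a tcp-udp service group matches every member port for both TCP and UDP; the function names are hypothetical.

```python
# Constructed input: the object-group definitions posted in this thread.
CONFIG = """\
object-group service DGCORP_UDP1 udp
 port-object eq 1000
 port-object eq 8000
object-group service DGCORP_TCP1 tcp
 port-object eq 3365
 port-object eq 4445
object-group service BOTHDGCORP tcp-udp
 group-object DGCORP_UDP1
 group-object DGCORP_TCP1
"""

def parse_groups(text):
    """Return {name: {"type": str, "ports": [int], "children": [str]}}."""
    groups, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["object-group", "service"] and len(words) == 4:
            current = groups.setdefault(words[2], {"type": words[3], "ports": [], "children": []})
        elif current and words[:2] == ["port-object", "eq"]:
            current["ports"].append(int(words[2]))
        elif current and words[:1] == ["group-object"]:
            current["children"].append(words[1])
    return groups

def ports_of(groups, name, seen=()):
    """Flatten nested group-object references into one set of ports."""
    if name in seen:
        raise ValueError(f"group-object loop at {name}")
    ports = set(groups[name]["ports"])
    for child in groups[name]["children"]:
        ports |= ports_of(groups, child, seen + (name,))
    return ports

def effective(groups, name):
    """(protocol, port) pairs an ACE permits when it references `name`.
    Assumption: a tcp-udp group applies every port to both protocols."""
    protos = groups[name]["type"].split("-")
    return {(p, port) for p in protos for port in ports_of(groups, name)}

def overexposure(groups, combined, originals):
    """Pairs opened by the combined group that no original group allowed."""
    intended = set().union(*(effective(groups, n) for n in originals))
    return sorted(effective(groups, combined) - intended)

if __name__ == "__main__":
    for proto, port in overexposure(parse_groups(CONFIG), "BOTHDGCORP", ["DGCORP_UDP1", "DGCORP_TCP1"]):
        print(f"extra: {proto}/{port}")
```

Under those assumptions the combined group also permits TCP on the two UDP ports and UDP on the two TCP ports, which two separate ACEs (one per original group) would not.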
