Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
3
Helpful
3
Replies

using an access-group in an access-list statement

3msands
Level 1
Level 1

‎04-11-2003 09:45 AM - edited ‎02-20-2020 09:21 PM

I'm trying to use access-groups in my access lists and I keep getting an error the general format is as follows

access-list acl_in permit ip host 10.10.12.5 object-group bkup object-group legato

I get an error stating extra-argument(s)

Labels:
0 Helpful
3 Replies 3

gfullage
Cisco Employee
Cisco Employee

‎04-13-2003 05:38 PM

Impossible for us to tell the problem without seeing how you've configured the bkup and legato object-groups.

Make sure you follow http://www.cisco.com/warp/public/707/pix_obj_grp.html and see how you go, if you're still having problems please at least show us the individual object groups you've configured and EXACTLY what error you're getting.

0 Helpful

3msands
Level 1
Level 1
In response to gfullage

‎04-14-2003 03:40 AM

I think I've figured it out. It appears that the pix dosen't like me using "ip" for protocol. If I define the access list using tcp or udp it is fine. Not sure why I'm seeing this behavior but at least I have a work around.

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to 3msands

‎04-14-2003 03:00 PM

If "object-group legato" is a service-type group, then you definately have to specify either tcp or udp, since that is exactly what you're telling the PIX. You can't have an access-list that includes TCP/UDP ports and then just say that's an IP access-list.

Customers Also Viewed These Support Documents