Cisco Support Community
New Member

ACL with object-group service

Explain in more detail: for what hosts, from what ports and where the traffic is permitted...

Example: Creating an Object Group-Based ACL

The following example shows how to create an object group-based ACL that permits packets from the users in my_network_object_group if the protocol ports match the ports specified in my_service_object_group:

Router> enable
Router# configure terminal
Router(config)# ip access-list extended my_ogacl_policy
Router(config-ext-nacl)# permit object-group my_service_object_group object-group my_network_object_group any
Router(config-ext-nacl)# deny tcp any any
Router(config-ext-nacl)# exit
Router(config)# exit

...must the ports specified in my_service_object_group match the source ports of my_network_object_group, or the router's own ports (destination ports)?

3 REPLIES
Silver

ACL with object-group service

This is a very good document explaining the process for object group ACLs

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/12-4t/sec-object-group-acl.html

New Member

Re: ACL with object-group service

I already read this document. For example:

object-group service my_service_object_group
udp eq isakmp
udp eq non500-isakmp
esp
!
ip access-list extended my_ogacl_policy1
10 permit object-group my_service_object_group object-group my_network_object_group any
!
ip access-list extended my_ogacl_policy2
10 permit esp object-group my_network_object_group any
20 permit udp object-group my_network_object_group any eq isakmp non500-isakmp
!

Do I understand correctly:

Are the ACLs my_ogacl_policy1 and my_ogacl_policy2 the same?
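The following Python script is an added example and is not part of the thread or of Cisco's documentation. It models how an object-group-based ACE such as the one in my_ogacl_policy1 flattens into ordinary ACEs (one per service entry and source network), and then checks both posted ACLs against a set of constructed packets. Two assumptions are built in, both labelled in the code: the members of my_network_object_group (the thread never shows them, so sample networks are used), and that a port written as `udp eq isakmp` inside an `object-group service` is a destination-port match, a source port being written with the `source` keyword. The ACL matching logic itself (first match wins, implicit deny at the end) follows standard IOS behaviour.

```python
import ipaddress
from itertools import product

# ASSUMPTION: constructed contents for the network group the thread only names.
NETWORK_GROUPS = {
    "my_network_object_group": [ipaddress.ip_network("10.1.1.0/24"),
                                ipaddress.ip_network("192.0.2.10/32")],
}
# Service entries as (protocol, source_ports, destination_ports); None = any port.
# ASSUMPTION: "udp eq isakmp" in an object-group service is a destination-port match.
SERVICE_GROUPS = {
    "my_service_object_group": [
        ("udp", None, frozenset({500})),    # udp eq isakmp
        ("udp", None, frozenset({4500})),   # udp eq non500-isakmp
        ("esp", None, None),                # esp
    ],
}

ANY = "any"
# A flat ACE: (action, protocol, src_nets, src_ports, dst_nets, dst_ports)

def expand_og_ace(action, service_group, src_group):
    """Flatten 'permit object-group S object-group N any' into ordinary ACEs:
    one ACE per (service entry, source network) pair, in group order."""
    return [
        (action, proto, [net], sports, ANY, dports)
        for (proto, sports, dports), net in product(
            SERVICE_GROUPS[service_group], NETWORK_GROUPS[src_group])
    ]

def nets_match(nets, ip):
    return nets == ANY or any(ipaddress.ip_address(ip) in n for n in nets)

def ports_match(ports, port):
    return ports is None or port in ports

def evaluate(acl, pkt):
    """Return the action of the first ACE that matches pkt, else the implicit deny."""
    proto, src, sport, dst, dport = pkt
    for action, a_proto, snets, sports, dnets, dports in acl:
        if a_proto not in (proto, "ip"):
            continue
        if (nets_match(snets, src) and nets_match(dnets, dst)
                and ports_match(sports, sport) and ports_match(dports, dport)):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

# my_ogacl_policy1 as posted: a single object-group ACE, expanded
POLICY1 = expand_og_ace("permit", "my_service_object_group", "my_network_object_group")

# my_ogacl_policy2 as posted, written directly as flat ACEs
NET = NETWORK_GROUPS["my_network_object_group"]
POLICY2 = [
    ("permit", "esp", NET, None, ANY, None),                    # 10 permit esp ... any
    ("permit", "udp", NET, None, ANY, frozenset({500, 4500})),  # 20 permit udp ... eq isakmp non500-isakmp
]

# Constructed packets: (protocol, src_ip, src_port, dst_ip, dst_port); ESP carries no ports.
SAMPLE_PACKETS = [
    ("udp", "10.1.1.5", 500, "203.0.113.1", 500),     # IKE from a group member
    ("udp", "10.1.1.5", 4500, "203.0.113.1", 4500),   # NAT-T from a group member
    ("esp", "10.1.1.5", None, "203.0.113.1", None),   # ESP from a group member
    ("udp", "10.1.1.5", 500, "203.0.113.1", 53),      # only the SOURCE port is 500: denied
    ("udp", "10.9.9.9", 500, "203.0.113.1", 500),     # source not in the network group: denied
    ("tcp", "10.1.1.5", 1025, "203.0.113.1", 22),     # protocol not in the service group: denied
]

def compare(acl_a, acl_b, packets):
    """Return the packets on which the two ACLs disagree (empty list = same verdicts)."""
    return [p for p in packets if evaluate(acl_a, p) != evaluate(acl_b, p)]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, "policy1:", evaluate(POLICY1, p), "policy2:", evaluate(POLICY2, p))
    print("packets with different verdicts:", compare(POLICY1, POLICY2, SAMPLE_PACKETS))
```

The fourth packet is the one that decides the question asked in the first post: with the ports modelled as destination ports, UDP from source port 500 to destination port 53 is denied by both ACLs, and the two policies give the same verdict on every sample packet. If the service entries had been written with the `source` keyword the expansion, and therefore the verdicts, would differ.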


New Member

Re: ACL with object-group service

ping
