I have a 3rd party that manages a number of servers for a client. Only the static IP on the outside interface of the client's ASA-5510 is allowed to access the servers. They use Split Tunneling on their ASA-5510, so VPN traffic bound for those servers must go through the tunnel. That is simple. The information below shows the ACLs that are in place and working. However, I would like to create an object-group for those IP addresses. I tried the object-group code below, but it didn't work.
ACLs that are working:
access-list VPN_Users_splitTunnelAcl standard permit host STATIC_IP1
access-list VPN_Users_splitTunnelAcl standard permit host STATIC_IP2
access-list VPN_Users_splitTunnelAcl standard permit host STATIC_IP3
access-list VPN_Users_splitTunnelAcl standard permit host STATIC_IP4
What I would prefer to use is:
access-list VPN_Users_splitTunnelAcl extended permit ip any object-group MY_OBJECT_GROUP
What am I doing wrong here? I ran out of testing time this evening and thought I would go ahead and post this here.
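An added example, not part of the original post: on the ASA a standard ACL takes only host or network entries, so an object-group needs an extended ACL, and in a split-tunnel list the source field of an extended ACL selects the tunneled networks while the destination is ignored. The ACL name `VPN_Users_splitTunnelAcl_ext` and the group-policy name `VPN_Users` are assumptions; `STATIC_IP1` through `STATIC_IP4` are the post's own placeholders.

```cisco
! Constructed example. Replace STATIC_IP1..4 with the managed servers' addresses.
object-group network MY_OBJECT_GROUP
 network-object host STATIC_IP1
 network-object host STATIC_IP2
 network-object host STATIC_IP3
 network-object host STATIC_IP4
!
! As posted: the group is in the destination field, which a split-tunnel
! list ignores, so the tunneled set becomes the source ("any").
!   access-list VPN_Users_splitTunnelAcl extended permit ip any object-group MY_OBJECT_GROUP
!
! Corrected: the object-group goes in the source field.
! A new ACL name (hypothetical) is used because one ACL name cannot mix
! standard and extended entries; the working standard ACL stays in place
! until the new list has been tested.
access-list VPN_Users_splitTunnelAcl_ext extended permit ip object-group MY_OBJECT_GROUP any
!
! Point the group policy (name assumed) at the new list.
group-policy VPN_Users attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Users_splitTunnelAcl_ext
!
! Verify from privileged EXEC mode after a client reconnects:
!   show access-list VPN_Users_splitTunnelAcl_ext
!   show running-config group-policy VPN_Users
```

Clients pick up the new split-tunnel list only when they reconnect, so check the secured routes on a fresh VPN session before removing the old standard ACL.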