Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

12.4(20)T object-group/ACL/crypto map on 3825

hi all,

I just upgraded into 12.4(20)T my router because of new object-group fonction that I already use on all my PIX.

Bad thing is : sounds not work

I use object-group to define all my LAN networks for my VPNs

After that I apply ACL in using object-group => no problem

problem appears when I apply ACL on crypto-map. A simple "sh crypto-map" shows me that's false : it finds "permit ip any any" whereas that should be all mashed lan description.

Is it a problem on new IOS or I missed something

Regards

Nicolas

PS : in using ACL with network addresses, that works like a charm, so just when I put object-group in ACL, that doesn't work

1 REPLY
Hall of Fame Super Silver

Re: 12.4(20)T object-group/ACL/crypto map on 3825

Hello Nicolas,

looking at feature description

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_object_group_acl.html

Known restrictions are:

Restrictions for Object Groups for ACLs

•You can use object groups only in extended and named (not numbered) ACLs.

•Object group-based ACLs support only IPv4 addresses.

•Object group-based ACLs support only Layer 3 interfaces (such as routed interfaces and VLAN interfaces). Object group-based ACLs do not support Layer 2 features such as VLAN ACLs (VACLs) or port ACLs (PACLs).

The feature is new and they declare support only on L3 interfaces.

You could try to open a TAC case to ask information for the feature road-map.

Hope to help

Giuseppe

263
Views
0
Helpful
1
Replies
CreatePlease to create content