ASA 5505 Object-Group

- H
- Hage
  
  Contact options for registered users
posted
16 years ago

Tue, Apr 15, 2008 12:22 PM

I am trying to configure an ASA 5505 to allow a range of tcp-udp ports to a host on the inside network. I created the service object-group with the range of ports also I created both tcp and udp access list for the object groups (Cisco ASA and PIX Firewall Handbook). But I need to establish a static route to the host on the inside network. I cannot find the proper syntax to allow this. Any suggestions would be appreciated. I have added the below lines to my configuration.

object-group service test tcp-udp description test port-object range 22345 23344

access-list inbound extended permit tcp any interface outside object-group test access-list inbound extended permit udp any interface outside object-group test

Thanks

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Tue, Apr 15, 2008 2:07 PM

If it works like PIX 6 did, it should look like the following:

access-list test_static extended permit tcp host INTERNALIP object-group test any access-list test_static extended permit udp host INTERNALIP object-group test any

static (inside,outside) interface access-list test_static

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.