mixed protocol object-group service.

Is it possible to have an object-group service with mixed tcp-udp protocol specification?

Thanks, Alex.

AM

In article , AM wrote:
:Is it possible to have an object-group service with mixed tcp-udp protocol specification?

Sounds like a PIX question.

You can have, for example,

object-group service ServerPorts tcp-udp
  port-object eq 53
  port-object eq 513

When you are constructing such an object, there is no way to designate which ports you want treated as UDP and which as TCP: all the port numbers will be used in whatever context you use the group in.

: this allows regular DNS queries, and 'who'
access-list out2in permit udp any host MyServer object-group ServerPorts

: this allows big DNS queries, DNS zone transfers, and 'login'
access-list out2in permit tcp any host MyServer object-group ServerPorts

: I've never tried this... but it might allow DNS, 'who', and 'login'
object-group protocol Tcp_and_Udp
  protocol-object tcp
  protocol-object udp
access-list out2in permit object-group Tcp_and_Udp any host MyServer object-group ServerPorts

Walter Roberson
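
An added example, not part of the original thread: a small audit script that expands the object groups from the reply into the (protocol, port) pairs each access-list actually opens, so the extra exposure of a tcp-udp group (513 opened for both 'who' and 'login') is visible. The helper names `parse_groups` and `effective_ports` are hypothetical, the sample config is constructed from the lines in the post, and the protocol-group form is modelled as written without confirming that the device accepts it.

```python
import re

# Constructed sample config, reusing the names from the post above.
SAMPLE = """\
object-group service ServerPorts tcp-udp
  port-object eq 53
  port-object eq 513
object-group protocol Tcp_and_Udp
  protocol-object tcp
  protocol-object udp
access-list out2in permit udp any host MyServer object-group ServerPorts
access-list out2in permit tcp any host MyServer object-group ServerPorts
"""

def parse_groups(config):
    """Collect service groups {name: [ports]} and protocol groups {name: [protos]}."""
    services, protocols, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith(":"):  # blank line or ':' comment
            continue
        if words[:2] == ["object-group", "service"]:
            current = services.setdefault(words[2], [])
        elif words[:2] == ["object-group", "protocol"]:
            current = protocols.setdefault(words[2], [])
        elif words[:2] == ["port-object", "eq"] and current is not None:
            current.append(int(words[2]))
        elif words[0] == "protocol-object" and current is not None:
            current.append(words[1])
        else:
            current = None  # any other line ends the current group
    return services, protocols

def effective_ports(config, acl):
    """Return the sorted (protocol, port) pairs opened by an ACL's permit lines."""
    services, protocols = parse_groups(config)
    opened = set()
    pat = re.compile(rf"access-list {re.escape(acl)} permit "
                     r"(?:object-group (\S+)|(tcp|udp)) .* object-group (\S+)$")
    for line in config.splitlines():
        m = pat.match(line.strip())
        if m:
            protos = protocols[m.group(1)] if m.group(1) else [m.group(2)]
            opened |= {(p, port) for p in protos for port in services[m.group(3)]}
    return sorted(opened)

if __name__ == "__main__":
    for proto, port in effective_ports(SAMPLE, "out2in"):
        print(f"{proto}/{port}")
```

If only some of these pairs are wanted, for example udp/513 but not tcp/513, the output makes the gap between intent and the effective rule set easy to spot during review.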
