取消
显示结果 
搜索替代 
您的意思是: 
cancel
3757
查看次数
0
有帮助
5
回复

asa Object-group的疑问

luyuyou
Level 1
Level 1

为什么提示说这个object-group 是无效的
ciscoasa(config)# access-list out-to-in extended permit object-group ping1
ERROR: Invalid object-group type
ciscoasa(config)# show object-group
object-group network office-server
network-object 11.1.1.1 255.255.255.255
network-object 12.1.1.1 255.255.255.255
object-group service ping
object-group service http-telnet-ftp tcp-udp
port-object eq echo
port-object eq www
port-object range 0 65535
object-group network lan
network-object 10.1.1.1 255.255.255.255
network-object 11.1.1.1 255.255.255.255
network-object 12.1.1.1 255.255.255.255
object-group protocol proto
object-group service ping1 tcp-udp
port-object range 0 65535
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# show ver
Cisco Adaptive Security Appliance Software Version 9.5(2)204
Device Manager Version 7.5(2)
Compiled on Mon 15-Feb-16 19:00 PST by builders
System image file is "boot:/asa952-204-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 4 hours 56 mins
5 条回复5

YilinChen
Spotlight
Spotlight
类型有问题呀,定义的是协议和端口,不是IP地址范围,也没看到嵌套调用

huoran1234
Spotlight
Spotlight
得先调用ip得obj,再调用协议得obj啊

18653465190
Spotlight
Spotlight
YilinChen 发表于 2019-1-28 09:00
类型有问题呀,定义的是协议和端口,不是IP地址范围,也没看到嵌套调用

跟着学习一下

Rockyw
Spotlight
Spotlight
前面的网友已经提示了,楼主还不清楚的话,可以参考一下下面的文档
Solved: ASA Extended Access-List with Object Group
https://community.cisco.com/t5/firewalls/asa-extended-access-list-with-object-group/td-p/2786204
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !

xuxiaoxunlxl
Level 1
Level 1
跟着学习学习
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接