cogit
see an example using object-group service
I would like to see an example using the object-group service command with the following:
object service name: management
for services: ssh, dns, ntp, ldap, syslog, snmp, smtp
ACL: then apply it from lower security 30 (dmz1) on 10.30.44.0/24 to higher security 100 (inside) on 10.30.31.0/24
Here's one for the reverse direction:
object-group service User_Outbound tcp
port-object eq telnet
port-object eq www
port-object eq ssh
port-object eq ftp-data
port-object eq https
port-object eq ftp
!
access-list outbound permit tcp any any object-group User_Outbound
access-list outbound permit udp host <dns server> any eq domain
access-group outbound in interface inside
ASKER
Would this work?
object-group protocol typeofprotocol
protocol-object tcp
protocol-object udp
exit
object-group service management tcp-udp
port-object eq 22
port-object eq 53
port-object eq 123
port-object eq 389
port-object eq 514
port-object eq 161
port-object eq 25
exit
access-list vlan32_out permit object-group typeofprotocol 10.30.32.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
access-list vlan33_out permit object-group typeofprotocol 10.30.33.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
access-list vlan34_out permit object-group typeofprotocol 10.30.34.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
access-list v44_out permit object-group typeofprotocol 10.30.44.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
access-list v54_out permit object-group typeofprotocol 10.30.54.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
access-list v64_out permit object-group typeofprotocol 10.30.64.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
access-group vlan32_out in interface vlan32
access-group vlan33_out in interface vlan33
access-group vlan34_out in interface vlan34
access-group v44_out in interface v44
access-group v54_out in interface v54
access-group v64_out in interface v64
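The tcp-udp group in the asker's attempt permits every listed port over both protocols (udp/22, tcp/123, udp/25 and so on), which is wider than the seven services asked for. The following is an added example, not part of any post in this thread, that splits the management group into a TCP-only and a UDP-only group and applies it from dmz1 to inside as the question asked; the interface name dmz1, the ACL name dmz1_in and the test addresses 10.30.44.10 / 10.30.31.5 are assumptions.

```cisco
! Intended services: ssh, dns, ntp, ldap, syslog, snmp, smtp
! One group per protocol, so only the real protocol/port pairs are opened
object-group service management_tcp tcp
 port-object eq ssh
 port-object eq domain
 port-object eq ldap
 port-object eq smtp
!
object-group service management_udp udp
 port-object eq domain
 port-object eq ntp
 port-object eq syslog
 port-object eq snmp
!
! ACL dmz1_in (assumed name): dmz1 (security 30) -> inside (security 100)
access-list dmz1_in permit tcp 10.30.44.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management_tcp
access-list dmz1_in permit udp 10.30.44.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management_udp
! Once applied, the implicit deny at the end of the ACL drops all other traffic
! entering dmz1, including flows toward interfaces other than inside; add rules
! for those flows before applying if they are needed
access-group dmz1_in in interface dmz1
!
! Checks (enable mode): expand the groups, then simulate one flow that should be
! permitted (tcp/22) and one that the old tcp-udp group would also have let through (udp/22)
show access-list dmz1_in
packet-tracer input dmz1 tcp 10.30.44.10 40000 10.30.31.5 22
packet-tracer input dmz1 udp 10.30.44.10 40000 10.30.31.5 22
```

The second packet-tracer run should end in a drop; if it is allowed, another rule on dmz1_in is wider than intended.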
ASKER CERTIFIED SOLUTION
name XX.XX.XX.25 APROHEAT02
name XX.XX.XX.24 APROHEAT01
!
object-group service HEAT tcp
port-object eq www
port-object eq https
port-object eq 491
!
object-group network HEAT_SRVRS
network-object APROHEAT01 255.255.255.255
network-object APROHEAT02 255.255.255.255
!
access-list inbound permit tcp any object-group HEAT_SRVRS object-group HEAT
!
access-group inbound in interface outside