Solved

see an example using object-group service

Posted on 2005-04-07
Last Modified: 2010-04-08

I would like to see an example using the object-group service command with the following:


object service name: management

for services : ssh,dns,ntp,ldap,syslog,snmp,smtp

ACL: then apply it from lower security30 (dmz1) on 10.30.44.0/24 to a higher (inside) security100 10.30.31.0/24
0
Comment
Question by:cogit
4 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 13731449
Sure...

name XX.XX.XX.25 APROHEAT02
name XX.XX.XX.24 APROHEAT01
!
object-group service HEAT tcp
  port-object eq www
  port-object eq https
  port-object eq 491
!
object-group network HEAT_SRVRS
  network-object APROHEAT01 255.255.255.255
  network-object APROHEAT02 255.255.255.255
!
access-list inbound permit tcp any object-group HEAT_SRVRS object-group HEAT
!
access-group inbound in interface outside
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13731489
Here's one for the reverse:

object-group service User_Outbound tcp
  port-object eq telnet
  port-object eq www
  port-object eq ssh
  port-object eq ftp-data
  port-object eq https
  port-object eq ftp
!
access-list outbound permit tcp any any object-group User_Outbound
access-list outbound permit udp host <dns server> any eq domain
access-group outbound in interface inside
0
 

Author Comment

by:cogit
ID: 13731866
this work?

object-group protocol typeofprotocol
  protocol-object tcp
  protocol-object udp
  exit
object-group service management tcp-udp
  port-object eq 22
  port-object eq 53
  port-object eq 123
  port-object eq 389
  port-object eq 514
  port-object eq 161
  port-object eq 25
  exit


access-list vlan32_out permit object-group typeofprotocol 10.30.32.0 255.255.255.0 10.30.31.0 255.255.255.0  object-group  management
access-list vlan33_out permit object-group typeofprotocol 10.30.33.0 255.255.255.0 10.30.31.0 255.255.255.0  object-group  management
access-list vlan34_out permit object-group typeofprotocol 10.30.34.0 255.255.255.0 10.30.31.0 255.255.255.0  object-group  management
access-list v44_out permit object-group typeofprotocol 10.30.44.0 255.255.255.0 10.30.31.0 255.255.255.0  object-group  management
access-list v54_out permit object-group typeofprotocol 10.30.54.0 255.255.255.0 10.30.31.0 255.255.255.0  object-group  management
access-list v64_out permit object-group typeofprotocol 10.30.64.0 255.255.255.0 10.30.31.0 255.255.255.0  object-group  management
access-group vlan32_out in interface vlan32
access-group vlan33_out in interface vlan33
access-group vlan34_out in interface vlan34
access-group v44_out in interface v44
access-group v54_out in interface v54
access-group v64_out in interface v64


0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 13739492
I don't know why that would not work.
You can also group your networks. This is just an example only:

name 10.30.32.0 DOT32
name 10.30.33.0 DOT33
name 10.30.34.0 DOT34
name 10.30.54.0 DOT54
name 10.30.64.0 DOT64

object-group network LOWSECURITY
  network-object DOT32 255.255.255.0
  network-object DOT33 255.255.255.0
  network-object DOT34 255.255.255.0

object-group network HIGHSECURITY
  network-object DOT54 255.255.255.0
  network-object DOT64 255.255.255.0



access-list dmz_in permit object-group typeofprotocol object-group LOWSECURITY object-group HIGHSECURITY object-group management

0
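
An added example, not part of the thread or any poster's code: a Python script that flattens the object-group ACL from the author's comment above into the individual protocol/port entries it permits, then lists the pairs that go beyond what the seven requested services conventionally use. The `NEEDED` table and all function names are assumptions introduced here, and only `eq` port-objects are handled.

```python
import re

# Constructed sample: the object groups and one ACL line from the comment above.
CONFIG = """\
object-group protocol typeofprotocol
  protocol-object tcp
  protocol-object udp
object-group service management tcp-udp
  port-object eq 22
  port-object eq 53
  port-object eq 123
  port-object eq 389
  port-object eq 514
  port-object eq 161
  port-object eq 25
access-list v44_out permit object-group typeofprotocol 10.30.44.0 255.255.255.0 10.30.31.0 255.255.255.0 object-group management
"""

# Assumption (not from the thread): conventional transport for each listed service.
NEEDED = {("tcp", 22), ("tcp", 53), ("udp", 53), ("udp", 123),
          ("tcp", 389), ("udp", 514), ("udp", 161), ("tcp", 25)}

def parse_groups(text):
    """Map each object-group name to its protocol-object / port-object members."""
    groups, current = {}, None
    for words in map(str.split, text.splitlines()):
        if words[:1] == ["object-group"] and len(words) >= 3:
            current = groups.setdefault(words[2], [])
        elif words and words[0] in ("protocol-object", "port-object") and current is not None:
            current.append(words[-1])  # protocol name, or the port of an `eq` entry
        elif words:
            current = None  # any other command ends the group
    return groups

def expand_acl(text, acl_name):
    """Flatten acl_name into the (src, dst, protocol, port) entries it permits."""
    groups = parse_groups(text)
    pat = re.compile(r"access-list (\S+) permit object-group (\S+) "
                     r"(\S+ \S+) (\S+ \S+)\s+object-group\s+(\S+)")
    flat = set()
    for name, proto_grp, src, dst, svc_grp in pat.findall(text):
        if name == acl_name:
            flat |= {(src, dst, proto, int(port))
                     for proto in groups[proto_grp] for port in groups[svc_grp]}
    return flat

def excess(text, acl_name):
    """Protocol/port pairs the ACL permits beyond NEEDED (least-privilege gap)."""
    return sorted({(p, port) for _, _, p, port in expand_acl(text, acl_name)} - NEEDED)
```

Calling `excess(CONFIG, "v44_out")` shows which pairs a combined tcp/udp group opens in addition to the intended ones; splitting the ports into one `tcp` and one `udp` service group, each referenced by its own ACL line, removes them.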
