usanet21
asked on
Cisco PIX 525 error
Hi guys, I am trying to add a new line into my existing firewall list and I am getting this error:
ERROR: missing command argument(s)
I had added a few lines in before and everything was smooth, but now when I try to add this line in again, I am encountering the error.
This is the line I am trying to add in:
access-list OUTSIDE line 38 permit tcp xxx.xxx.xxx.xxx 255.255.255.248 host BAM_Public object-group mgmt_svc
Does anyone know what went wrong?
ASKER
In my current access list, there are already some commands with the below without any error, so I do not think adding an eq will solve the problem. Furthermore, below are the ports for the object-group service mgmt_svc.
access-list OUTSIDE line 38 permit tcp xxx.xxx.xxx.xxx 255.255.255.248 host BAM_Public object-group mgmt_svc
object-group service mgmt_svc tcp
port-object eq ftp-data
port-object eq ftp
port-object eq telnet
port-object eq www
port-object eq sqlnet
port-object eq 4001
port-object eq 5001
port-object eq 5002
port-object eq 5003
ASKER CERTIFIED SOLUTION
If that fixed your issue precisely, then why the C grade?
ASKER
That's not the precise fix. But anyway, it is resolved. Thank you so much. I am not using the PDM by the way, I am typing the ACL one by one.
OK, thanks!
remotes object-group locals object-group services
try this
access-list 101 permit tcp xxx.xxx.xxx.xxx 255.255.255.248 host BAM_Public object-group mgmt_svc eq "network_service"
You have to specify the associated service.
network_service can be ftp, telnet, etc.
renill