mixed protocol object-group service.

Discussion in 'Cisco' started by AM, Mar 11, 2005.

  1. AM

    AM Guest

    Is it possible to have an object-group service with mixed tcp-udp protocol specification?

    Thanks,
    Alex.
     
    AM, Mar 11, 2005
    #1

    1. Advertisements

  2. AM

    Walter Roberson Guest

    :Is it possible to have an object-group service with mixed tcp-udp protocol specification?

    Sounds like a PIX question.

    You can have, for example,

    object-group service ServerPorts tcp-udp
    port-object eq 53
    port-object eq 513

    When you are constructing such an object, there is no way to
    designate which ports you want treated as UDP and which as TCP:
    all the port numbers will be used in whatever context you use
    the group in.

    : this allows regular DNS queries, and 'who'
    access-list out2in permit udp any host MyServer object-group ServerPorts

    : this allows big DNS queries, DNS zone transfers, and 'login'
    access-list out2in permit tcp any host MyServer object-group ServerPorts


    : I've never tried this... but it might allow DNS, 'who', 'and 'login'
    object-group protocol Tcp_and_Udp
    protocol-object tcp
    protocol-object udp
    access-list out2in permit object-group Tcp_and_Udp any host MyServer object-group ServerPorts
     
    Walter Roberson, Mar 11, 2005
    #2

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Protocol Chart - Learn how to use a Protocol Analyzer

  2. access range ? Via object group ?

  3. redundant "object-group"s

  4. Object-group help on PIX 501

  5. PIX 7.0 object-group w/hostname

  6. Additional review (mixed) of B&H experience [was "B&H has the worst customer service on the planet.]

  7. PIX 7.0: Using object-group with crypto map

Loading...