I thought I need to share with you this so that we avoid wasting time when configuring ASA for the first time.
A typical mistake junior network administrator can make when configuring ASA, by following CISCO directives: See photo below
After permit statement, if you need in insert object-group, CISCO elaborates that "Specify a service or protocol object-group after this keyword"
Here is the catch, be careful, this will only work with protocol object-group and not a service object-group.
I would suggest CISCO edit this information and make it specific "protocol object group" to avoid confusion.
You will be safe anyways if you use ASDM, because you check boxes and they create command for you !
Enjoy!
A typical mistake junior network administrator can make when configuring ASA, by following CISCO directives: See photo below
After permit statement, if you need in insert object-group, CISCO elaborates that "Specify a service or protocol object-group after this keyword"
Here is the catch, be careful, this will only work with protocol object-group and not a service object-group.
I would suggest CISCO edit this information and make it specific "protocol object group" to avoid confusion.
You will be safe anyways if you use ASDM, because you check boxes and they create command for you !
Enjoy!
No comments:
Post a Comment