Object-group editing/deleting

vdinenna71
Level 1

Hi,

I need to edit or delete and recreate a service object-group to extend a port range. Deleting the object-group says it will 'leave the object-group empty'.

When I try to delete the access-list, it says 'access-list not found'. I can delete the range.

Is there an order that this is accomplished?

Delete-

1. Range

2. Access-list

3. Object-group

Or, is there a better way to extend the port range that is already established?

thanks,

Vince

1 Accepted Solution

rmeans
Level 3

I am assuming you currently have something configured like:

object-group service some_random_name tcp-udp

port-object range 15100 15300

and you really need the port range to be 15000 to 16000

Have you tried:

object-group service some_random_name tcp-udp

port-object range 15000 16000

no port-object range 15100 15300

Thank you for the reply.

Yes, there is an object-group established.

I have not tried what you suggested yet.

What you're saying is create a new range and delete the old one. Ok, good. I will try this. But what if I wanted the entire object-group deleted?

I'll try this and get back.

thanks,

V~

BTW- the link didn't work.

If you want to add a new object-group and remove the current/old object-group, I would follow these steps.

show access-list random_name

access-list random_name line 20 permit tcp any any object-group old_object_group

define new object-group with new port ranges

add new line to acl random_name with new object-group. notice line number

access-list random_name line 19 permit tcp any any object-group new_object_group

Add any new acl lines in front/before the current/old acl lines. Test your changes, make sure the new acl lines show increasing hit count. Once you feel confident that the new acl lines are being used and not the current/old acl lines, remove the old acl lines.

no access-list random_name permit tcp any any object-group old_object_group

hope this helps
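The hit-count check described in the reply above, as an added example that is not part of the original post: it compares two `show access-list` snapshots and reports whether the old ACL line can be removed. The sample output is constructed, and the assumption is that the unindented object-group line carries its own `hitcnt` field; `hit_counts` and `safe_to_remove_old` are hypothetical helper names.

```python
import re

# One ACL entry from `show access-list` that ends in an object-group reference
# followed by a hit counter, e.g. "... object-group new_object_group (hitcnt=57)".
# Assumption: the unindented object-group line carries its own hitcnt field.
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+\d+\s+.*?"
    r"object-group\s+(?P<group>\S+)\s+\(hitcnt=(?P<hits>\d+)\)"
)

def hit_counts(show_output, acl):
    """Return {object_group: total hitcnt} for one ACL."""
    counts = {}
    for raw in show_output.splitlines():
        # Indented lines are the expanded per-port entries; match() on the raw
        # line skips them because they do not start with "access-list".
        m = ACE_RE.match(raw)
        if m and m.group("acl") == acl:
            group = m.group("group")
            counts[group] = counts.get(group, 0) + int(m.group("hits"))
    return counts

def safe_to_remove_old(before, after, acl, old_group, new_group):
    """True when the new line took hits between snapshots and the old took none."""
    b, a = hit_counts(before, acl), hit_counts(after, acl)
    if old_group not in a or new_group not in a:
        raise ValueError("both object-groups must still be referenced by the ACL")
    new_delta = a[new_group] - b.get(new_group, 0)
    old_delta = a[old_group] - b.get(old_group, 0)
    # A negative delta means counters were cleared; treat that as inconclusive.
    return new_delta > 0 and old_delta == 0

# Constructed sample snapshots (not captured from a real device).
BEFORE = """\
access-list random_name line 19 permit tcp any any object-group new_object_group (hitcnt=0)
  access-list random_name line 19 permit tcp any any range 15000 16000 (hitcnt=0)
access-list random_name line 20 permit tcp any any object-group old_object_group (hitcnt=812)
  access-list random_name line 20 permit tcp any any range 15100 15300 (hitcnt=812)
"""
AFTER = BEFORE.replace("(hitcnt=0)", "(hitcnt=57)")

if __name__ == "__main__":
    print(hit_counts(AFTER, "random_name"))
    print(safe_to_remove_old(BEFORE, AFTER, "random_name",
                             "old_object_group", "new_object_group"))
```

Because the new line sits before the old one and its range covers the old range, the old line's counter should stay flat once the new line is in use.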

Thanks so much for your help! I got the object-groups and access-lists in. Once we test the new H323 equipment, I'll take out the old object-groups and access-lists.

Gratefully,

Vince

abinjola
Cisco Employee

Here is a link that explains this in detail:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/traffic.htm#wp1042220
