03-27-2007 01:17 PM - edited 03-11-2019 02:52 AM
Hi,
I need to edit or delete and recreate a service object-group to extend a port range. Deleting the object-group says it will 'leave the object-group empty'.
When I try to delete the access-list, it says 'access-list not found'. I can delete the range.
Is there an order that this is accomplished?
Delete-
1. Range
2. Access-list
3. Object-group
Or, is there a better way to extend the port range that is already established?
thanks,
Vince
03-27-2007 01:45 PM
I am assuming you currently have something configured like:
object-group service some_random_name tcp-udp
port-object range 15100 15300
and you really need the port range to 15000 to 16000
Have you tried:
object-group service some_random_name tcp-udp
port-object range 15000 16000
no port-object range 15100 15300
03-27-2007 03:57 PM
Thank you for the reply.
Yes, there is an object-group established.
I have not tried what you suggested yet.
What you're saying is create a new range and delete the old one. Ok, good. I will try this. But what if I wanted the entire object-group deleted?
I'll try this and get back.
thanks,
V~
BTW- the link didn't work.
03-27-2007 06:40 PM
If you want to add a new object-group and remove the current/old object-group, I would follow these steps.
show access-list random_name
access-list random_name line 20 permit tcp any any object-group old_object_group
define new object-group with new port ranges
add new line to acl random_name with new object-group. notice line number
access-list random_name line 19 permit tcp any any object-group new_object_group
Add any new acl lines in front/before the current/old acl lines. Test your changes, make sure the new acl lines show increasing hit count. Once you feel confident that the new acl lines are being used and not the current/old acl lines, remove the old acl lines.
no access-list random_name permit tcp any any object-group old_object_group
hope this helps
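
The hit-count check described in the post above, as an added example that is not part of the original thread: it compares two saved `show access-list` snapshots and reports whether the line using the old object-group has stopped matching traffic. The output shape (indented expanded entries ending in `(hitcnt=N)`), the function names and the sample snapshots are assumptions constructed for illustration.

```python
import re

# Assumed "show access-list" shape: an unindented summary line naming the
# object-group, then indented expanded entries sharing its "line N", each
# ending in "(hitcnt=N)".
ENTRY = re.compile(r"^(?P<indent>\s*)access-list\s+(?P<acl>\S+)\s+line\s+(?P<line>\d+)\s+(?P<rest>.*)$")
GROUP = re.compile(r"object-group\s+(\S+)")
HITS = re.compile(r"\(hitcnt=(\d+)\)")

def hits_per_group(show_output):
    """Return {object_group: hitcnt summed over its expanded entries}."""
    group_of_line, totals = {}, {}
    for raw in show_output.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        key = (m["acl"], m["line"])
        if not m["indent"]:                      # summary line
            groups = GROUP.findall(m["rest"])
            if groups:                           # the port (service) group is the last one named
                group_of_line[key] = groups[-1]
                totals.setdefault(groups[-1], 0)
        elif key in group_of_line:               # expanded entry under a summary line
            h = HITS.search(m["rest"])
            if h:
                totals[group_of_line[key]] += int(h.group(1))
    return totals

def old_line_is_idle(before, after, old_group, new_group):
    """True if, between snapshots, the new line gained hits and the old gained none."""
    b, a = hits_per_group(before), hits_per_group(after)
    new_delta = a.get(new_group, 0) - b.get(new_group, 0)
    old_delta = a.get(old_group, 0) - b.get(old_group, 0)
    return new_delta > 0 and old_delta == 0

# Constructed snapshots, taken before and after a test window.
BEFORE = """\
access-list random_name line 19 permit tcp any any object-group new_object_group
  access-list random_name line 19 permit tcp any any range 15000 16000 (hitcnt=0)
access-list random_name line 20 permit tcp any any object-group old_object_group
  access-list random_name line 20 permit tcp any any range 15100 15300 (hitcnt=412)
"""
AFTER = BEFORE.replace("(hitcnt=0)", "(hitcnt=57)")

if __name__ == "__main__":
    print(hits_per_group(AFTER))
    print("safe to remove old line:",
          old_line_is_idle(BEFORE, AFTER, "old_object_group", "new_object_group"))
```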
03-29-2007 07:55 AM
Thanks so much for your help! I got the object-groups and access-lists in. Once we test the new H323 equipment, I'll take out the old object-groups and access-lists.
Gratefully,
Vince
03-27-2007 02:20 PM
Here is a link that explains this in detail :-
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/traffic.htm#wp1042220