Well, usually you build the required ACL from a combination of "permit" and "deny" statements. To my understanding there is no other way to use an "object-group" other than to use it as a source or destination of a permit or deny statement. The contents under the "object-group" will be used, nothing else.
I am not sure what the exact requirement in the above is, but I would imagine it would be something like this:
access-list ACL remark Deny all traffic to Corp_NET
access-list ACL deny ip any object-group Corp_NET
access-list ACL remark Allow all other traffic
access-list ACL permit ip any any
Naturally the above would be a pretty simple example of a situation where you want to block traffic from behind some interface to a corporate network and then allow all other traffic.
I was also wanting to find a way to invert (or not) an object-group. My use case is to deny access to the internet. It would be difficult to put an object group together that has all public IP space. It would be easier to make a group that has all private IP space, and permit everything that doesn't match.
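Because an object-group can only be referenced as written, one way to get its inverse is to compute the complement offline and load the result as a second group. The Python script below is an added example, not part of the thread: it subtracts the RFC 1918 ranges from 0.0.0.0/0 and prints the result in `object-group network` form. The group name `PUBLIC_NET` and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample input: the RFC 1918 private ranges mentioned in the post.
PRIVATE_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def invert_group(members, universe="0.0.0.0/0"):
    """Return the minimal sorted CIDR list covering `universe` minus `members`."""
    remaining = [ipaddress.ip_network(universe)]
    # Collapse first so nested or adjacent members are handled once.
    merged = ipaddress.collapse_addresses(ipaddress.ip_network(m) for m in members)
    for member in merged:
        kept = []
        for block in remaining:
            if member.subnet_of(block):
                # Carve the member out of the block that contains it
                # (yields nothing when member == block).
                kept.extend(block.address_exclude(member))
            elif block.subnet_of(member):
                continue  # block is entirely inside the member: drop it
            else:
                kept.append(block)  # disjoint: keep unchanged
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def asa_object_group(name, networks):
    """Render networks as ASA-style object-group lines (address + netmask)."""
    lines = [f"object-group network {name}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in networks]
    return "\n".join(lines)


if __name__ == "__main__":
    # PUBLIC_NET is a hypothetical group name.
    print(asa_object_group("PUBLIC_NET", invert_group(PRIVATE_NETS)))
```

The generated group can then be used as the destination of a single deny statement, in the same way `Corp_NET` is used in the ACL above.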
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: