Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Modifying PIX Object-Groups

Once an Object-Group is defined and used in an access-list can the Object-Group be modified without removing the access-list from the interface?

Sample:

object-group network OutsideWebServers

network-object host 10.10.10.10

network-object host 10.10.10.11

"access-list Protect_Outside permit tcp any object-group OutsideWebServers eq www"

"access-group Protect_Outside in interface outside"

Can I then add another network-object host 10.10.10.12 to the OutsideWebServers group without removing the access-list from the Outside interface?

1 REPLY
New Member

Re: Modifying PIX Object-Groups

Absolutely. That's why object-groups are so cool. Just add, change, or subtract hosts from the object-group and your access-lists will be updated automatically.

194
Views
0
Helpful
1
Replies
CreatePlease to create content