Can someone please show me how to add existing network objects to existing access control lists in a network object group using the cli in the asa version 9.x on the inside interface? The source is an already existing network object and the destination is an existing network object group. Thanks.
Well if the existing "access-list" rule has an "object-group network " as the destination and you want to add another host to the "object-group" then you could do this
What I undertood is that you have the following already
An "access-list" that is attached to the "inside" interface
An existing "object network " configured that will be used as the source for the "access-list" rule
An existing "object-group network " configured that will be used as the destination for the "access-list" rule
If the above is true then you would simply configure
access-list permit ip object
The above though would permit all TCP/UDP traffic
If you want to only allow specific ports for either TCP or UDP then you would use the format
access-list permit tcp object
access-list permit udp object
Naturally if you want to allow multiple ports there would be further ways to group those ports together also inside "object-group" to make the configuration smaller/cleaner.
Please let me know if you were looking for something else and I missunderstood
Well if the existing "access-list" rule has an "object-group network " as the destination and you want to add another host to the "object-group" then you could do this
