Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
0
Helpful
1
Replies

PIX object-groups and access-lists question.

svuorilehto
Level 1
Level 1

‎05-13-2004 04:26 AM - edited ‎02-20-2020 11:23 PM

Hi all,

First, I apologize if this issue have been discussed earlier.

I have a PIX with dozens of access-list statements. I would like to simplify this list by using object-groups. F.ex:

In acl I have:

access-list acl-out permit icmp any any echo-reply

access-list acl-out permit icmp any any time-exceeded

access-list acl-out permit icmp any any unreachable

Now when I create object-group for permitted icmp-types:

object-group icmp-type icmp-permitted

icmp-object echo-reply

icmp-object time-exceeded

icmp-object unreachable

And then add a line to my acl:

access-list acl-out permit icmp any any object-group icmp-permitted

Now this does not remove previously configured lines from my config...

So question is; is there some way to do this so that when I create object-group and add it to my acl all previously configured lines which are covered by this new line would be removed?

Thanks in advance,

Saska

0 Helpful
1 Reply 1

jsivulka
Level 5
Level 5

‎05-19-2004 06:41 AM

I guess, manually removing the earlier statements is the only way. I do not remember hearing of a mechanism where redundant ststements are removed automatically.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card