Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
4
Helpful
7
Replies

Object grouping: This config look right?

Go to solution
thecoffeeguy
Level 1
Level 1

‎03-01-2007 01:14 PM - edited ‎03-11-2019 02:40 AM

Alright...powering through ASA 101. I just want to confirm THIS will work.

I need to create a object-group with some IP's so I can make my ACL list more readable.

Here it is:

conf t

object-group network VENDOR

descriptiong Vendor IP Address range

network object host 192.16.5.1

network object host 192.16.5.2

and so forth. I have 7 IP addresses to add.

At the end, when I put all the IP address in,

write terminal?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
joe-martin
Level 1
Level 1
In response to thecoffeeguy

‎03-01-2007 05:20 PM

the "host" keyword tells it that you are defining a specific host rather than a subnet.

So you could essentially configure it as:

network-object 104.50.255.5 255.255.255.255

or the shorter/better way:

network-object host 104.50.255.5

HTH,

Joe Martin

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-01-2007 01:28 PM

Hi

Yes it looks fine. You can use it as such

access-list acl_in permit tcp object-group VENDOR host 172.16.5.1 eq 23

HTH

Jon

Go to solution
thecoffeeguy
Level 1
Level 1
In response to Jon Marshall

‎03-01-2007 01:52 PM

Thanks Jon.

Just wanted to be sure, so i didn't blow something up on the ASA. :)

This may sound silly, but once I make the changes, to they automatically get written to RAM?

Would I need to do a "write" to get into NVRAM?

Lastly, even though I am creating this object now, it is not going to be applied just yet. Is that ok? Will it not go into effect until I put it into a ACL?

Thanks.

0 Helpful

Go to solution
joe-martin
Level 1
Level 1
In response to thecoffeeguy

‎03-01-2007 03:28 PM

two quick things...

yes, you need to write mem to save the object-group into the config and...

no, it will not affect the ACL...assuming that you have actuallt created a new, unused object-group... i only say that because I have seen people think they were creating a new object group bu they were actually changing an existing object group...

Just check a head of time that the object group name that you want to use is not already being used...

0 Helpful

Go to solution
thecoffeeguy
Level 1
Level 1
In response to joe-martin

‎03-01-2007 03:35 PM

Got it.

'write mem' best way to save?

For the object-group, I made sure the name was not being used previously. All set and GTG there.

Thanks!

0 Helpful

Go to solution
thecoffeeguy
Level 1
Level 1
In response to thecoffeeguy

‎03-01-2007 04:18 PM

One other thing I forgot to mention.

When looking at the config, after I entered the objects, I am wondering if I forgot to put the netmask.

I see:

network-object host 104.50.25.5

Should it be:

network-object host 104.50.25.5 255.255.255.255

to match that IP explicitly?

I would think so.

What is the best way to correct this? Thanks.

Jas

0 Helpful

Go to solution
joe-martin
Level 1
Level 1
In response to thecoffeeguy

‎03-01-2007 05:20 PM

the "host" keyword tells it that you are defining a specific host rather than a subnet.

So you could essentially configure it as:

network-object 104.50.255.5 255.255.255.255

or the shorter/better way:

network-object host 104.50.255.5

HTH,

Joe Martin

0 Helpful

Go to solution
thecoffeeguy
Level 1
Level 1
In response to joe-martin

‎03-01-2007 05:24 PM

Got it.

That makes sense.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card