Create Network object in ASA

Unanswered Question
Apr 6th, 2008

Hi all,

The method to create network object make me quite confuse that if I create network object by ASDM, it is success. But if I use CLI in create network object, it seems fail. Attach is the screen dump for your reference. Any one has idea ? Thank you !

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

acbenny,

Object groups are extremely easy. You just have to have and idea of how you want your ACLs to look. Object groups are just cosmetic when it comes down to it.

Just for the sake of putting it out there, you can create a few different types of object groups. They are: ICMP-Type, Network, Protocol, and Service. You can also do what is called nesting, but only with similar object group types.

You'll first start by creating one. Below is an example:

** This is if you have any systems pre-configured to names

(config)#names

(config)#name 10.1.1.10 myFTPserver

(config)#object-group network ftp_servers

(config-network)#network-object host 10.1.1.14

(config-network)#network-object host myFTPserver

(config-network)#network-object 10.1.1.32 255.255.255.224

(config-network)#exit

Once you've created your object group, you will need to use it within your ACL. It will look something like this:

(config)#access-list 101 permit ip any object-group ftp_servers

if you only want a specific protocol, say these are associated to FTP, then you should specify it.

(config)#access-list 101 permit tcp any object-group ftp_servers eq ftp

I hope this assists.

As an FYI, I'm just taking this straight from the cisco documentation: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml

Actions

This Discussion