×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ASA 5520: Adding network objects via CLI

Answered Question

Hi (again),


I'm working with ASA 5520s. I am trying to figure out how to add network objects via CLI. I know I could easily do it using ASDM, but I like to learn the hardway first.


Question: How do I add the subnet mask for a network object when creating via CLI?


Here's how I'm creating the obejcts:


config t


object-group network telnet-users-group

description users allowed telnet access outbound

network-object host 172.16.25.50

network-object hosts 172.16.25.51


That sets up the hosts with IP addresses, but how do I add the subnet mask?


Thanks,


Dan

Correct Answer by varrao about 5 years 9 months ago

Hi Dan,


You do not need to it for a single host, the firewall takes it to be 255.255.255.255, but if you are adding a network or subnet then you can, for it you can add:


object network test

  subnet 20.0.0.0 255.0.0.0



object network test1

  subnet 10.0.0.0 255.0.0.0



object-group network test-group

network-object object test

network-object object test1


Hope that helps.


Thanks,

Varun

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
varrao Fri, 11/04/2011 - 09:37
User Badges:
  • Red, 2250 points or more

Hi Dan,


You do not need to it for a single host, the firewall takes it to be 255.255.255.255, but if you are adding a network or subnet then you can, for it you can add:


object network test

  subnet 20.0.0.0 255.0.0.0



object network test1

  subnet 10.0.0.0 255.0.0.0



object-group network test-group

network-object object test

network-object object test1


Hope that helps.


Thanks,

Varun

Actions

This Discussion