Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2624
Views
0
Helpful
2
Replies

ASA 5520: Creating host objects via CLI

Go to solution
dan
Level 1
Level 1

‎11-04-2011 10:20 AM - edited ‎03-11-2019 02:46 PM

I am trying to create host objects that I'll then add to network-object groups for use in ACL/ACEs.

When I try to create a host I am having trouble adding the IP address. I'm using the commands as found in guide for CLI on 5500 series:

(config) object network danworkstation

(config-network) host 172.16.1.50

I then get an error saying the host name must start and end with letters or numbers and only contain letters or numbers.

What do I need to do to create hosts from CLI?

Another question:


Once I create several hosts can I add them to a object-group using the object names?

example: I create hosts, danworksstation, steveworkstation, bobworkstation.

Can I then use those names to add them to an object-group named telnet-users?

(config) object-group network telnet-users

(config-network) network-object host danworkstation

(config-network) network-object host steveworkstation

etc.

Thanks,


Dan

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎11-04-2011 10:31 AM

Hi Dan,

What code are you running on ASA??

If its pre 8.3, you need to refer this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

If its post 8.3:

http://www.cisco.com/en/US/partner/docs/security/asa/asa84/command/reference/no.html#wp1819044

In post 8.3, under object-gtroups you can definitely use the name of the object as shown to you in the previous thread. it should not be any problem.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful

Go to solution
caseth0102
Level 1
Level 1

‎11-04-2011 11:50 AM

You have to use the 'name' cmd first, binding the IP -> name, then create the obj-grp and include them. Let me know, thanks.

!---start

name 1.1.1.1 testwkstn-1

name 1.1.1.2 testwkstn-2

name 1.1.1.3 testwkstn-3

!

object-group network telnet-users

network-object host testwkstn-1

network-object host testwkstn-2

network-object host testwkstn-3

!---end

View solution in original post

0 Helpful
2 Replies 2

Go to solution
varrao
Level 10
Level 10

‎11-04-2011 10:31 AM

Hi Dan,

What code are you running on ASA??

If its pre 8.3, you need to refer this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

If its post 8.3:

http://www.cisco.com/en/US/partner/docs/security/asa/asa84/command/reference/no.html#wp1819044

In post 8.3, under object-gtroups you can definitely use the name of the object as shown to you in the previous thread. it should not be any problem.

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
caseth0102
Level 1
Level 1

‎11-04-2011 11:50 AM

You have to use the 'name' cmd first, binding the IP -> name, then create the obj-grp and include them. Let me know, thanks.

!---start

name 1.1.1.1 testwkstn-1

name 1.1.1.2 testwkstn-2

name 1.1.1.3 testwkstn-3

!

object-group network telnet-users

network-object host testwkstn-1

network-object host testwkstn-2

network-object host testwkstn-3

!---end

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card