Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

dan
New Member

ASA 5520: Creating host objects via CLI

I am trying to create host objects that I'll then add to network-object groups for use in ACL/ACEs.

When I try to create a host I am having trouble adding the IP address. I'm using the commands as found in guide for CLI on 5500 series:

(config) object network danworkstation

(config-network) host 172.16.1.50

I then get an error saying the host name must start and end with letters or numbers and only contain letters or numbers.

What do I need to do to create hosts from CLI?

Another question:


Once I create several hosts can I add them to a object-group using the object names?

example: I create hosts, danworksstation, steveworkstation, bobworkstation.

Can I then use those names to add them to an object-group named telnet-users?

(config) object-group network telnet-users

(config-network) network-object host danworkstation

(config-network) network-object host steveworkstation

etc.

Thanks,


Dan

2 ACCEPTED SOLUTIONS

Accepted Solutions
Red

ASA 5520: Creating host objects via CLI

Hi Dan,

What code are you running on ASA??

If its pre 8.3, you need to refer this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

If its post 8.3:

http://www.cisco.com/en/US/partner/docs/security/asa/asa84/command/reference/no.html#wp1819044

In post 8.3, under object-gtroups you can definitely use the name of the object as shown to you in the previous thread. it should not be any problem.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

ASA 5520: Creating host objects via CLI

You have to use the 'name' cmd first, binding the IP -> name, then create the obj-grp and include them. Let me know, thanks.

!---start

name 1.1.1.1 testwkstn-1

name 1.1.1.2 testwkstn-2

name 1.1.1.3 testwkstn-3

!

object-group network telnet-users

network-object host testwkstn-1

network-object host testwkstn-2

network-object host testwkstn-3

!---end

2 REPLIES
Red

ASA 5520: Creating host objects via CLI

Hi Dan,

What code are you running on ASA??

If its pre 8.3, you need to refer this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

If its post 8.3:

http://www.cisco.com/en/US/partner/docs/security/asa/asa84/command/reference/no.html#wp1819044

In post 8.3, under object-gtroups you can definitely use the name of the object as shown to you in the previous thread. it should not be any problem.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

ASA 5520: Creating host objects via CLI

You have to use the 'name' cmd first, binding the IP -> name, then create the obj-grp and include them. Let me know, thanks.

!---start

name 1.1.1.1 testwkstn-1

name 1.1.1.2 testwkstn-2

name 1.1.1.3 testwkstn-3

!

object-group network telnet-users

network-object host testwkstn-1

network-object host testwkstn-2

network-object host testwkstn-3

!---end

955
Views
0
Helpful
2
Replies