Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Create Network object in ASA

Hi all,

The method to create network object make me quite confuse that if I create network object by ASDM, it is success. But if I use CLI in create network object, it seems fail. Attach is the screen dump for your reference. Any one has idea ? Thank you !

New Member

Re: Create Network object in ASA


New Member

Re: Create Network object in ASA


Object groups are extremely easy. You just have to have and idea of how you want your ACLs to look. Object groups are just cosmetic when it comes down to it.

Just for the sake of putting it out there, you can create a few different types of object groups. They are: ICMP-Type, Network, Protocol, and Service. You can also do what is called nesting, but only with similar object group types.

You'll first start by creating one. Below is an example:

** This is if you have any systems pre-configured to names


(config)#name myFTPserver

(config)#object-group network ftp_servers

(config-network)#network-object host

(config-network)#network-object host myFTPserver



Once you've created your object group, you will need to use it within your ACL. It will look something like this:

(config)#access-list 101 permit ip any object-group ftp_servers

if you only want a specific protocol, say these are associated to FTP, then you should specify it.

(config)#access-list 101 permit tcp any object-group ftp_servers eq ftp

I hope this assists.

As an FYI, I'm just taking this straight from the cisco documentation: