Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Create Network object in ASA

Hi all,

The method to create network object make me quite confuse that if I create network object by ASDM, it is success. But if I use CLI in create network object, it seems fail. Attach is the screen dump for your reference. Any one has idea ? Thank you !

2 REPLIES
New Member

Re: Create Network object in ASA

Attachment

New Member

Re: Create Network object in ASA

acbenny,

Object groups are extremely easy. You just have to have and idea of how you want your ACLs to look. Object groups are just cosmetic when it comes down to it.

Just for the sake of putting it out there, you can create a few different types of object groups. They are: ICMP-Type, Network, Protocol, and Service. You can also do what is called nesting, but only with similar object group types.

You'll first start by creating one. Below is an example:

** This is if you have any systems pre-configured to names

(config)#names

(config)#name 10.1.1.10 myFTPserver

(config)#object-group network ftp_servers

(config-network)#network-object host 10.1.1.14

(config-network)#network-object host myFTPserver

(config-network)#network-object 10.1.1.32 255.255.255.224

(config-network)#exit

Once you've created your object group, you will need to use it within your ACL. It will look something like this:

(config)#access-list 101 permit ip any object-group ftp_servers

if you only want a specific protocol, say these are associated to FTP, then you should specify it.

(config)#access-list 101 permit tcp any object-group ftp_servers eq ftp

I hope this assists.

As an FYI, I'm just taking this straight from the cisco documentation: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml

458
Views
0
Helpful
2
Replies