Cisco Support Community

New Member

Difference between object and object group

 

Hi Everyone,

 

ASA1# sh run object
object network Sales
 subnet 10.12.12.0 255.255.255.0




ASA1# sh run object-group
object-group service 123
 service-object udp source eq 1900
object-group service 1900 udp
 port-object eq 1900
object-group network sales
 network-object 10.12.12.0 255.255.255.0
object-group network vpn_pool_ip
 network-object 10.10.10.0 255.255.255.0
object-group network inside
 network-object 10.0.0.0 255.255.255.0
 network-object 192.168.50.0 255.255.255.0
 network-object 10.1.0.0 255.255.0.0
object-group network VPN_Access
 network-object 10.10.10.0 255.255.255.0
object-group service DNS_servers
 service-object udp destination eq domain
object-group network DNS_SERVERS
 network-object host 64.59.144.19
 network-object host 4.2.2.2
object-group network FTP_EPSON
 network-object host 63.73.69.140
 network-object host 69.164.87.20
 network-object host 69.164.87.37

Need to understand what is the difference between object and object group here?

As under object network we can have a host, subnet or range of IP addresses, but an object group can also have IP addresses under it.

 

Regards

MAhesh

 


Accepted Solutions
Cisco Employee

- object just contains a single type of object, whether it's a network object (single IP address or subnet), or a service object (TCP port(s), protocol, UDP port(s)).

- object group contains a group of objects, so you can combine all the same type of objects into a group, e.g. a single IP, subnets, different subnets, different IPs into one network object-group.

New Member


Hi Jennifer,

 

I tested and found that an object contains a single variable; it can be either an IP, subnet or range.

I tested it as below:

 

ASA1# sh run object
object network Test1
 host 8.8.8.8
ASA1# config t
ASA1(config)# obj
ASA1(config)# object net
ASA1(config)# object network Test1
ASA1(config-network-object)# host 3.3.3.3
ASA1(config-network-object)# sub
ASA1(config-network-object)# subnet ?

network-object mode commands/options:
  A.B.C.D             Enter an IPV4 network address
  X:X:X:X::X/<0-128>  Enter an IPv6 prefix
ASA1(config-network-object)# subnet 2.2.2.0 255.255.255.0
ASA1(config-network-object)# end
ASA1# sh run obh
ASA1# sh run obj
ASA1# sh run object
object network Test1
 subnet 2.2.2.0 255.255.255.0

 

I understand it now.

Best Regards

MAhesh
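
The behaviour described in the accepted answer and confirmed by the Test1 session above, modelled in Python. This is an added example, not code from the thread or from Cisco; the function names and the parsing model are assumptions, and only the host and subnet forms shown in the thread are handled.

```python
import ipaddress

# Constructed input: the Test1 commands and the "inside" group from this
# thread, one command per line in running-config layout.
SAMPLE = """\
object network Test1
 host 8.8.8.8
 host 3.3.3.3
 subnet 2.2.2.0 255.255.255.0
object-group service DNS_servers
 service-object udp destination eq domain
object-group network inside
 network-object 10.0.0.0 255.255.255.0
 network-object 192.168.50.0 255.255.255.0
 network-object 10.1.0.0 255.255.0.0
"""

def to_network(tokens):
    """'host A.B.C.D' or 'A.B.C.D MASK' -> ipaddress.IPv4Network."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    return ipaddress.ip_network(tokens[0] + "/" + tokens[1])

def apply_commands(text):
    """Return (objects, groups) after applying the commands in order.

    Assumed model: an object holds one value, so each host/subnet line
    replaces the last; an object-group keeps every network-object line.
    """
    objects, groups, mode, name = {}, {}, None, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["object", "network"]:
            mode, name = "object", tok[2]
        elif tok[:2] == ["object-group", "network"]:
            mode, name = "group", tok[2]
            groups.setdefault(name, [])
        elif not tok or not line.startswith(" "):
            mode = None  # blank line or another top-level command
        elif mode == "object" and tok[0] in ("host", "subnet"):
            objects[name] = to_network(tok if tok[0] == "host" else tok[1:])
        elif mode == "group" and tok[0] == "network-object":
            groups[name].append(to_network(tok[1:]))
    return objects, groups

def expand(name, objects, groups):
    """Networks a rule would match when it references `name`."""
    return [objects[name]] if name in objects else list(groups[name])
```

Expanding names this way when reviewing a rule base shows exactly which addresses an ACL entry covers: one network for an object, every member for an object-group.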
