Cisco Support Community

New Member

Object grouping: This config look right?

Alright...powering through ASA 101. I just want to confirm THIS will work.

I need to create an object-group with some IPs so I can make my ACL list more readable.

Here it is:

conf t

object-group network VENDOR

description Vendor IP Address range

network-object host 192.16.5.1

network-object host 192.16.5.2

and so forth. I have 7 IP addresses to add.

At the end, when I put all the IP addresses in,

write terminal?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Object grouping: This config look right?

The "host" keyword tells it that you are defining a specific host rather than a subnet.

So you could essentially configure it as:

network-object 104.50.255.5 255.255.255.255

or the shorter/better way:

network-object host 104.50.255.5

HTH,

Joe Martin

7 REPLIES
Hall of Fame Super Blue

Re: Object grouping: This config look right?

Hi

Yes, it looks fine. You can use it as such:

access-list acl_in permit tcp object-group VENDOR host 172.16.5.1 eq 23

HTH

Jon

New Member

Re: Object grouping: This config look right?

Thanks Jon.

Just wanted to be sure, so I didn't blow something up on the ASA. :)

This may sound silly, but once I make the changes, do they automatically get written to RAM?

Would I need to do a "write" to get into NVRAM?

Lastly, even though I am creating this object now, it is not going to be applied just yet. Is that ok? Will it not go into effect until I put it into an ACL?

Thanks.

New Member

Re: Object grouping: This config look right?

two quick things...

yes, you need to write mem to save the object-group into the config and...

no, it will not affect the ACL...assuming that you have actually created a new, unused object-group... I only say that because I have seen people think they were creating a new object group but they were actually changing an existing object group...

Just check ahead of time that the object group name that you want to use is not already being used...

New Member

Re: Object grouping: This config look right?

Got it.

'write mem' best way to save?

For the object-group, I made sure the name was not being used previously. All set and GTG there.

Thanks!

New Member

Re: Object grouping: This config look right?

One other thing I forgot to mention.

When looking at the config, after I entered the objects, I am wondering if I forgot to put the netmask.

I see:

network-object host 104.50.25.5

Should it be:

network-object host 104.50.25.5 255.255.255.255

to match that IP explicitly?

I would think so.

What is the best way to correct this? Thanks.

Jas

New Member

Re: Object grouping: This config look right?

The "host" keyword tells it that you are defining a specific host rather than a subnet.

So you could essentially configure it as:

network-object 104.50.255.5 255.255.255.255

or the shorter/better way:

network-object host 104.50.255.5

HTH,

Joe Martin

New Member

Re: Object grouping: This config look right?

Got it.

That makes sense.
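
The two checks raised in the replies above, as an added Python example that is not code from the thread or from Cisco: it parses a proposed object-group, shows that the "host" form and the 255.255.255.255 mask form are the same entry, rejects mistyped member lines, and reports whether the group name is already defined. The running-config excerpt, the PARTNERS group and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed running-config excerpt (assumption, not from the thread).
RUNNING_CONFIG = """\
object-group network PARTNERS
 network-object host 198.51.100.10
object-group network VENDOR
 network-object 192.0.2.0 255.255.255.0
"""

# Constructed candidate group using the forms discussed in the thread.
CANDIDATE = """\
object-group network VENDOR
 description Vendor IP Address range
 network-object host 104.50.255.5
 network-object 104.50.255.5 255.255.255.255
 network object host 104.50.255.6
"""

HEADER = re.compile(r"object-group network (\S+)")
HOST = re.compile(r"network-object host (\S+)")
SUBNET = re.compile(r"network-object (\S+) (\S+)")

def parse_groups(config):
    """Return ({group name: set of networks}, [lines that did not parse])."""
    groups, rejected, members = {}, [], None
    for line in filter(None, (raw.strip() for raw in config.splitlines())):
        try:
            if m := HEADER.fullmatch(line):
                members = groups.setdefault(m.group(1), set())
            elif members is None:
                rejected.append(line)  # member line outside any group
            elif m := HOST.fullmatch(line):
                members.add(ipaddress.ip_network(m.group(1) + "/32"))
            elif m := SUBNET.fullmatch(line):
                members.add(ipaddress.ip_network("/".join(m.groups())))
            elif not line.startswith("description "):
                rejected.append(line)
        except ValueError:  # bad address, bad mask, or host bits set
            rejected.append(line)
    return groups, rejected

def review(candidate, running):
    """Parse a proposed group and list names already defined on the device."""
    proposed, rejected = parse_groups(candidate)
    existing, _ = parse_groups(running)
    return proposed, rejected, sorted(set(proposed) & set(existing))
```

A non-empty third value from review() means the pasted lines would modify an existing group rather than create a new one.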
