EasyManuals Logo
Home>Cisco>Firewall>ASA 5512-X

Cisco ASA 5512-X Configuration Guide

Cisco ASA 5512-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #14 background imageLoading...
Page #14 background image
2-2
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 2 Objects for Access Control
Configure Objects
Configure Objects
The following sections describe how to configure objects that are primarily used on access control.
• Configure Network Objects and Groups, page 2-2
• Configure Service Objects and Service Groups, page 2-4
• Configure Local User Groups, page 2-7
• Configure Security Group Object Groups, page 2-8
• Configure Time Ranges, page 2-9
Configure Network Objects and Groups
Network objects and groups identify IP addresses or host names. Use these objects in access control lists
to simplify your rules.
• Configure a Network Object, page 2-2
• Configure a Network Object Group, page 2-3
Configure a Network Object
A network object can contain a host, a network IP address, a range of IP addresses, or a fully qualified
domain name (FQDN).
You can also enable NAT rules on the object (excepting FQDN objects). See the firewall configuration
guide for more information about configuring object NAT.
Procedure
Step 1 Create or edit a network object using the object name.
hostname(config)# object network object_name
Example
hostname(config)# object network email-server
Step 2 Add an address to the object using one of the following commands. Use the no form of the command to
remove the object.
• host {IPv4_address | IPv6_address}—The IPv4 or IPv6 address of a single host. For example,
10.1.1.1 or 2001:DB8::0DB8:800:200C:417A.
• subnet {IPv4_address IPv4_mask | IPv6_address/IPv6_prefix}—The address of a network. For
IPv4 subnets, include the mask after a space, for example, 10.0.0.0 255.0.0.0. For IPv6, include the
address and prefix as a single unit (no spaces), such as 2001:DB8:0:CD30::/60.
• range start_address end_address—A range of addresses. You can specify IPv4 or IPv6 ranges. Do
not include masks or prefixes.
• fqdn [v4 | v6] fully_qualified_domain_name—A fully-qualified domain name, that is, the name of
a host, such as www.example.com. Specify v4 to limit the address to IPv4, and v6 for IPv6. If you
do not specify an address type, IPv4 is assumed.
Example

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
BrandCisco
ModelASA 5512-X
CategoryFirewall
LanguageEnglish

Related product manuals