
Cisco ASA 5512-X Configuration Guide

428 pages
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 2 Objects for Access Control
Configure Objects
• service {icmp | icmp6} [icmp-type [icmp_code]]—For ICMP or ICMP version 6 messages. You can
optionally specify the ICMP type by name or number (0-255) to limit the object to that message
type. If you specify a type, you can optionally specify an ICMP code for that type (1-255). If you
do not specify the code, then all codes are used.
• service {tcp | udp} [source operator port] [destination operator port]—For TCP or UDP. You can
optionally specify ports for the source, destination, or both. You can specify the port by name or
number. The operator can be one of the following:
– lt—less than.
– gt—greater than.
– eq—equal to.
– neq—not equal to.
– range—an inclusive range of values. When you use this operator, specify two port numbers, for
example, range 100 200.
Example
hostname(config-service-object)# service tcp destination eq http
Step 3 (Optional) Add a description.
hostname(config-service-object)# description string
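The operators above differ widely in how many ports they match, and that breadth is what to check when reviewing service objects. The following is an added example, not part of the Cisco guide or any Cisco tool: it parses `service {tcp | udp}` lines and reports those whose destination match exceeds a limit. The function names, the 0-65535 port space, the short port-name table, and the 1024 limit are assumptions made for illustration.

```python
MAX_PORT = 65535  # assumption: ports are numbered 0-65535
PORT_NAMES = {"http": 80, "https": 443, "ssh": 22, "domain": 53}  # assumed subset

def port(tok):
    """Resolve a port given by name or number."""
    n = PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)
    if not 0 <= n <= MAX_PORT:
        raise ValueError(f"port out of range: {tok!r}")
    return n

def count(op, args):
    """Number of ports that one operator clause matches."""
    ports = [port(a) for a in args]
    if op == "range" and len(ports) == 2 and ports[0] <= ports[1]:
        return ports[1] - ports[0] + 1            # inclusive at both ends
    if op in ("eq", "neq", "lt", "gt") and len(ports) == 1:
        p = ports[0]
        return {"eq": 1, "neq": MAX_PORT,         # neq: every port but one
                "lt": p, "gt": MAX_PORT - p}[op]  # lt: 0..p-1, gt: p+1..65535
    raise ValueError(f"bad clause: {op} {' '.join(args)}")

def parse_service(line):
    """Parse 'service {tcp|udp} [source op port] [destination op port]'."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "service" or tok[1] not in ("tcp", "udp"):
        raise ValueError(f"not a tcp/udp service line: {line!r}")
    # A side with no clause matches every port.
    out = {"protocol": tok[1], "source": MAX_PORT + 1, "destination": MAX_PORT + 1}
    i = 2
    while i < len(tok):
        if tok[i] not in ("source", "destination") or i + 1 >= len(tok):
            raise ValueError(f"unexpected token {tok[i]!r} in {line!r}")
        width = 2 if tok[i + 1] == "range" else 1  # ports the operator takes
        out[tok[i]] = count(tok[i + 1], tok[i + 2:i + 2 + width])
        i += 2 + width
    return out

def audit(lines, limit=1024):
    """Return (line, port_count) where the destination match exceeds limit."""
    sized = [(l, parse_service(l)["destination"]) for l in lines]
    return [(l, n) for l, n in sized if n > limit]

# Constructed sample lines, not taken from a real configuration.
SAMPLE = [
    "service tcp destination eq http",
    "service udp destination neq domain",
    "service tcp source gt 1023 destination lt 1024",
    "service tcp source eq 1024",
]
```

Calling `audit(SAMPLE)` flags the `neq` line and the line with no destination clause, since both match nearly the whole port space.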
Configure a Service Group
A service object group includes a mix of protocols, if desired, including optional source and destination
ports for TCP or UDP.
Before You Begin
You can model all services using the generic service object group, which is explained here. However,
you can still configure the types of service group objects that were available prior to ASA 8.3(1). These
legacy objects include TCP/UDP/TCP-UDP port groups, protocol groups, and ICMP groups. The
contents of these groups are equivalent to the associated configuration in the generic service object
group, with the exception of ICMP groups, which do not support ICMP6 or ICMP codes. If you still want
to use these legacy objects, for detailed instructions, see the object-service command description in the
command reference on Cisco.com.
Procedure
Step 1 Create or edit a service object group using the object name.
ciscoasa(config)# object-group service group_name
Example
hostname(config)# object-group service general-services
Step 2 Add objects and services to the service object group using one or more of the following commands. Use
the no form of the command to remove an object.
• service-object protocol—The name or number (0-255) of an IP protocol. Specify ip to apply to all
protocols.
