2-4
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 2 Objects for Access Control
Configure Objects
hostname (config-protocol)# network-object host 10.2.2.4
hostname (config-protocol)# network-object host 10.2.2.78
hostname (config-protocol)# network-object host 10.2.2.34
Create network object groups for privileged users from various departments by entering the following
commands:
hostname (config)# object-group network eng
hostname (config-network)# network-object host 10.1.1.5
hostname (config-network)# network-object host 10.1.1.9
hostname (config-network)# network-object host 10.1.1.89
hostname (config)# object-group network hr
hostname (config-network)# network-object host 10.1.2.8
hostname (config-network)# network-object host 10.1.2.12
hostname (config)# object-group network finance
hostname (config-network)# network-object host 10.1.4.89
hostname (config-network)# network-object host 10.1.4.100
You then nest all three groups together as follows:
hostname (config)# object-group network admin
hostname (config-network)# group-object eng
hostname (config-network)# group-object hr
hostname (config-network)# group-object finance
Configure Service Objects and Service Groups
Service objects and groups identify protocols and ports. Use these objects in access control lists to
simplify your rules.
• Configure a Service Object, page 2-4
• Configure a Service Group, page 2-5
Configure a Service Object
A service object can contain a single protocol, ICMP, ICMPv6, TCP or UDP port or port ranges.
Procedure
Step 1 Create or edit a service object using the object name.
ciscoasa(config)# object service object_name
Example
hostname(config)# object service web
Step 2 Add a service to the object using one of the following commands. Use the no form of the command to
remove an object.
• service protocol—The name or number (0-255) of an IP protocol. Specify ip to apply to all
protocols.
To Next Page
Loading...
Need help?
General
