Configure Objects; Configure Network Objects And Groups; Configure A Network Object - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Configure Objects
The following sections describe how to configure objects that are primarily used in access control.

- Configure Network Objects and Groups
- Configure Service Objects and Service Groups
- Configure Local User Groups
- Configure Security Group Object Groups
- Configure Time Ranges

Configure Network Objects and Groups

Network objects and groups identify IP addresses or host names. Use these objects in access control lists to simplify your rules.

- Configure a Network Object
- Configure a Network Object Group

Configure a Network Object

A network object can contain a host, a network IP address, a range of IP addresses, or a fully qualified domain name (FQDN).

You can also enable NAT rules on the object (excepting FQDN objects). See the firewall configuration guide for more information about configuring object NAT.

Procedure

Step 1  Create or edit a network object using the object name.

hostname(config)# object network object_name

Example

hostname(config)# object network email-server

Step 2  Add an address to the object using one of the following commands. Use the no form of the command to remove the object.

- host {IPv4_address | IPv6_address}—The IPv4 or IPv6 address of a single host. For example, 10.1.1.1 or 2001:DB8::0DB8:800:200C:417A.
- subnet {IPv4_address IPv4_mask | IPv6_address/IPv6_prefix}—The address of a network. For IPv4 subnets, include the mask after a space, for example, 10.0.0.0 255.0.0.0. For IPv6, include the address and prefix as a single unit (no spaces), such as 2001:DB8:0:CD30::/60.
- range start_address end_address—A range of addresses. You can specify IPv4 or IPv6 ranges. Do not include masks or prefixes.
- fqdn [v4 | v6] fully_qualified_domain_name—A fully-qualified domain name, that is, the name of a host, such as www.example.com. Specify v4 to limit the address to IPv4, and v6 for IPv6. If you do not specify an address type, IPv4 is assumed.
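
The address rules above can be checked offline before objects are referenced in access rules. The following Python sketch is an added example, not part of the Cisco guide: it applies those rules to `object network` stanzas in a saved configuration and reports lines that break them, such as CIDR notation on an IPv4 subnet. The function names `parse_address` and `audit`, the sample configuration, and all object names other than email-server are assumptions made for illustration.

```python
import ipaddress

# Constructed sample; object names other than email-server are hypothetical.
SAMPLE = """\
object network email-server
 host 10.1.1.1
object network inside-net
 subnet 10.0.0.0 255.0.0.0
object network v6-net
 subnet 2001:DB8:0:CD30::/60
object network pool
 range 10.1.1.10 10.1.1.20
object network web
 fqdn www.example.com
object network bad-net
 subnet 10.0.0.0/8
"""

def parse_address(line):
    """Validate one address line; return a normalized tuple or raise ValueError."""
    kind, *args = line.split()
    if kind == "host" and len(args) == 1:
        return ("host", ipaddress.ip_address(args[0]))
    if kind == "subnet" and len(args) == 2:   # IPv4: address, space, mask
        return ("subnet", ipaddress.IPv4Network("/".join(args)))
    if kind == "subnet" and len(args) == 1:   # IPv6: address/prefix, no spaces
        return ("subnet", ipaddress.IPv6Network(args[0]))
    if kind == "range" and len(args) == 2:    # plain addresses, no mask or prefix
        return ("range", *(ipaddress.ip_address(a) for a in args))
    if kind == "fqdn" and len(args) in (1, 2):
        family = args[0] if len(args) == 2 else "v4"   # IPv4 assumed if omitted
        if family in ("v4", "v6"):
            return ("fqdn", family, args[-1])
    raise ValueError(f"malformed address line: {line.strip()!r}")

def audit(config):
    """Return ({name: parsed}, {name: error}) for each object network stanza."""
    good, bad, name = {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["object", "network"] and len(words) == 3:
            name = words[2]
        elif name and words and words[0] in ("host", "subnet", "range", "fqdn"):
            try:
                good[name] = parse_address(raw)
            except ValueError as exc:
                bad[name] = str(exc)
    return good, bad
```

Calling `audit(SAMPLE)` accepts the first five objects and flags `bad-net`, whose IPv4 subnet is written in CIDR form instead of address and mask.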
Chapter 2
Objects for Access Control
