Configure A Network Object Group - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 2
Objects for Access Control
hostname(config-network-object)# host 10.2.2.2
Step 3
(Optional) Add a description.
hostname(config-network-object)# description string

Configure a Network Object Group

Network object groups can contain multiple network objects as well as inline networks or hosts. Network
object groups can include a mix of both IPv4 and IPv6 addresses.
However, you cannot use a mixed IPv4 and IPv6 object group for NAT, or object groups that include
FQDN objects.
Procedure

Step 1
Create or edit a network object group using the object name.
ciscoasa(config)# object-group network group_name
Example
hostname(config)# object-group network admin

Step 2
Add objects and addresses to the network object group using one or more of the following commands.
Use the no form of the command to remove an object.
network-object host {IPv4_address | IPv6_address}—The IPv4 or IPv6 address of a single host. For example, 10.1.1.1 or 2001:DB8::0DB8:800:200C:417A.
network-object {IPv4_address IPv4_mask | IPv6_address/IPv6_prefix}—The address of a network or host. For IPv4 subnets, include the mask after a space, for example, 10.0.0.0 255.0.0.0. For IPv6, include the address and prefix as a single unit (no spaces), such as 2001:DB8:0:CD30::/60.
network-object object object_name—The name of an existing network object.
group-object object_group_name—The name of an existing network object group.
Example
hostname(config-network-object-group)# network-object 10.1.1.0 255.255.255.0
hostname(config-network-object-group)# network-object 2001:db8:0:cd30::/60
hostname(config-network-object-group)# network-object host 10.1.1.1
hostname(config-network-object-group)# network-object host 2001:DB8::0DB8:800:200C:417A
hostname(config-network-object-group)# network-object object existing-object-1
hostname(config-network-object-group)# group-object existing-network-object-group

Step 3
(Optional) Add a description.
hostname(config-network-object-group)# description string

Example
To create a network group that includes the IP addresses of three administrators, enter the following
commands:
hostname(config)# object-group network admins
hostname(config-network-object-group)# description Administrator Addresses
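An added example, not taken from the Cisco guide: a Python audit that reads `object network` and `object-group network` blocks from saved configuration text and reports the groups that fall under the NAT restriction stated above (mixed IPv4 and IPv6 members, or an FQDN object), following `network-object object` and `group-object` references. It assumes running-config style indentation; the `fqdn` and `subnet` object subcommands it recognizes are ASA commands not shown on this page, and the sample configuration is constructed.

```python
import ipaddress
# Constructed sample config (not from the manual); names and addresses are illustrative.
SAMPLE = """\
object network update-server
 fqdn updates.example.com
object-group network admins
 network-object host 10.1.1.1
object-group network mixed
 network-object 2001:db8:0:cd30::/60
 group-object admins
object-group network patching
 network-object object update-server
"""

def family(token):  # 'v4' or 'v6' for an address or address/prefix token, else None
    try:
        return "v%d" % ipaddress.ip_interface(token).version
    except ValueError:
        return None

def parse(config):
    """Map (kind, name) to its direct tags: 'v4', 'v6', 'fqdn' or a (kind, name) reference."""
    blocks, current = {}, None
    for line in config.splitlines():
        w = line.split()
        if w and not line[0].isspace():  # a top-level command opens or ends a block
            named = w[0] in ("object", "object-group") and w[1:2] == ["network"] and len(w) > 2
            current = blocks.setdefault((w[0], w[2]), set()) if named else None
        elif current is not None and len(w) > 1:
            head, *rest = w[1:] if w[0] == "network-object" else w
            if head in ("object", "group-object") and rest:
                current.add(("object-group" if head == "group-object" else "object", rest[0]))
            else:  # fqdn NAME, host ADDR, subnet ADDR ..., or an inline ADDR [MASK]
                token = rest[0] if head in ("host", "subnet") and rest else head
                current |= {"fqdn" if head == "fqdn" else family(token)} - {None}
    return blocks

def resolve(blocks, key, seen=frozenset()):
    """Collect a block's tags through nested references; `seen` stops reference loops."""
    tags = {t for t in blocks.get(key, ()) if isinstance(t, str)}
    for ref in blocks.get(key, set()) - tags - seen:
        tags |= resolve(blocks, ref, seen | {key})
    return tags

def nat_unsuitable(config):
    """Return {group: sorted tags} for groups that mix IPv4 and IPv6 or include an FQDN object."""
    blocks = parse(config)
    flat = {k[1]: resolve(blocks, k) for k in blocks if k[0] == "object-group"}
    return {name: sorted(t) for name, t in flat.items() if {"v4", "v6"} <= t or "fqdn" in t}
```

Groups that reference objects or groups missing from the supplied text are judged on their visible members only, so run it against the full configuration.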
Cisco ASA Series Firewall CLI Configuration Guide
Configure Objects