Objects For Access Control; Guidelines For Objects - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Objects for Access Control

Objects are reusable components for use in your configuration. You can define and use them in Cisco
ASA configurations in the place of inline IP addresses, services, names, and so on. Objects make it easy
to maintain your configurations because you can modify an object in one place and have it be reflected
in all other places that are referencing it. Without objects you would have to modify the parameters for
every feature when required, instead of just once. For example, if a network object defines an IP address
and subnet mask, and you want to change the address, you only need to change it in the object definition,
not in every feature that refers to that IP address.

• Guidelines for Objects
• Configure Objects
• Monitoring Objects
• History for Objects

Guidelines for Objects

IPv6 Guidelines

Supports IPv6 with the following restrictions:
• The ASA does not support IPv6 nested network object groups, so you cannot group an object with
IPv6 entries under another IPv6 object group.
• You can mix IPv4 and IPv6 entries in a network object group; you cannot use a mixed object group
for NAT.

Additional Guidelines and Limitations

• Objects must have unique names, because objects and object groups share the same name space.
While you might want to create a network object group named "Engineering" and a service object
group named "Engineering," you need to add an identifier (or "tag") to the end of at least one object
group name to make it unique. For example, you can use the names "Engineering_admins" and
"Engineering_hosts" to make the object group names unique and to aid in identification.
• Object names are limited to 64 characters, including letters, numbers, and these characters:
.!@#$%^&()-_{}. Object names are case-sensitive.
• You cannot remove an object or make an object empty if it is used in a command, unless you enable
forward referencing (the forward-reference enable command).
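
The naming rules above can be checked before a configuration is pushed to a device. The following Python linter is an added example, not code from the Cisco guide; the function name lint_object_names and the sample configuration are constructed for illustration, and it assumes each object or object-group definition starts at the beginning of a line.

```python
import re
from collections import defaultdict

# Allowed per the guideline: letters, numbers, and .!@#$%^&()-_{}
NAME_RE = re.compile(r"[A-Za-z0-9.!@#$%^&()\-_{}]+")
MAX_LEN = 64
# Matches definition lines such as "object network NAME" or
# "object-group service NAME tcp" (keyword, type, name).
DEF_RE = re.compile(r"^(object|object-group)\s+(\S+)\s+(\S+)")

def lint_object_names(config_text):
    """Return a sorted list of (name, problem) tuples for object definitions."""
    seen = defaultdict(set)   # name -> {(keyword, type), ...}
    problems = set()
    for line in config_text.splitlines():
        m = DEF_RE.match(line)
        if not m:
            continue          # indented sub-commands and other commands
        keyword, obj_type, name = m.groups()
        # The same definition line may repeat in a saved configuration,
        # so only a different keyword/type under one name is a collision.
        seen[name].add((keyword, obj_type))
        if len(name) > MAX_LEN:
            problems.add((name, "longer than 64 characters"))
        if not NAME_RE.fullmatch(name):
            problems.add((name, "contains a character outside the allowed set"))
    for name, kinds in seen.items():
        if len(kinds) > 1:    # objects and object groups share one name space
            problems.add((name, "name reused across object kinds"))
    return sorted(problems)

# Constructed sample configuration (not from the page).
SAMPLE = """\
object network WEB_SERVER
 host 192.0.2.10
object-group network Engineering
 network-object 192.0.2.0 255.255.255.0
object-group service Engineering tcp
 port-object eq 443
object-group network Engineering_hosts
 network-object host 192.0.2.20
object network engineering
 host 192.0.2.30
object network bad*name
 host 192.0.2.40
"""

if __name__ == "__main__":
    for name, problem in lint_object_names(SAMPLE):
        print(f"{name}: {problem}")
```

Because object names are case-sensitive, "engineering" and "Engineering" are treated as distinct names and are not reported as a collision.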
Cisco ASA Series Firewall CLI Configuration Guide, Chapter 2
