Configure Service Objects And Service Groups; Configure A Service Object - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Configure Objects
hostname (config-protocol)# network-object host 10.2.2.4
hostname (config-protocol)# network-object host 10.2.2.78
hostname (config-protocol)# network-object host 10.2.2.34
Create network object groups for privileged users from various departments by entering the following
commands:
hostname (config)# object-group network eng
hostname (config-network)# network-object host 10.1.1.5
hostname (config-network)# network-object host 10.1.1.9
hostname (config-network)# network-object host 10.1.1.89
hostname (config)# object-group network hr
hostname (config-network)# network-object host 10.1.2.8
hostname (config-network)# network-object host 10.1.2.12
hostname (config)# object-group network finance
hostname (config-network)# network-object host 10.1.4.89
hostname (config-network)# network-object host 10.1.4.100
You then nest all three groups together as follows:
hostname (config)# object-group network admin
hostname (config-network)# group-object eng
hostname (config-network)# group-object hr
hostname (config-network)# group-object finance
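
To audit which hosts a nested group such as admin actually covers, the nesting can be expanded offline. The Python below is an added example, not part of the Cisco guide; it assumes prompt-free configuration text, handles only the network-object host and group-object forms shown above, and its function names are hypothetical.

```python
import re

# Constructed sample: the object-group commands shown above, as they would
# appear in a saved configuration (prompts removed).
SAMPLE_CONFIG = """\
object-group network eng
 network-object host 10.1.1.5
 network-object host 10.1.1.9
 network-object host 10.1.1.89
object-group network hr
 network-object host 10.1.2.8
 network-object host 10.1.2.12
object-group network finance
 network-object host 10.1.4.89
 network-object host 10.1.4.100
object-group network admin
 group-object eng
 group-object hr
 group-object finance
"""

def parse_groups(config):
    """Return {group: {"hosts": [...], "nested": [...]}} for network object groups."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"object-group network (\S+)", line):
            current = groups.setdefault(m.group(1), {"hosts": [], "nested": []})
        elif current is not None and (m := re.fullmatch(r"network-object host (\S+)", line)):
            current["hosts"].append(m.group(1))
        elif current is not None and (m := re.fullmatch(r"group-object (\S+)", line)):
            current["nested"].append(m.group(1))
        elif line and not raw.startswith(" "):
            current = None  # any other top-level command ends the group
    return groups

def expand(groups, name, _path=()):
    """Flatten a group to its member hosts, following group-object nesting."""
    if name in _path:
        raise ValueError("circular nesting: " + " -> ".join(_path + (name,)))
    if name not in groups:
        raise KeyError(f"undefined object-group: {name}")
    hosts = set(groups[name]["hosts"])
    for child in groups[name]["nested"]:
        hosts |= expand(groups, child, _path + (name,))
    return hosts

if __name__ == "__main__":
    for host in sorted(expand(parse_groups(SAMPLE_CONFIG), "admin")):
        print(host)
```

Comparing the expanded set against the intended list of privileged hosts shows when a change to eng, hr, or finance has silently widened every rule that references admin.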

Configure Service Objects and Service Groups

Service objects and groups identify protocols and ports. Use these objects in access control lists to
simplify your rules.
• Configure a Service Object
• Configure a Service Group

Configure a Service Object

A service object can contain a single protocol, ICMP, ICMPv6, TCP or UDP port or port ranges.

Procedure

Step 1 Create or edit a service object using the object name.
ciscoasa(config)# object service object_name
Example
hostname(config)# object service web

Step 2 Add a service to the object using one of the following commands. Use the no form of the command to remove an object.
• service protocol—The name or number (0-255) of an IP protocol. Specify ip to apply to all protocols.

Cisco ASA Series Firewall CLI Configuration Guide
Chapter 2
Objects for Access Control
