Configure Objects
• service-object {icmp | icmp6} [icmp-type [icmp_code]]—For ICMP or ICMP version 6 messages.
  You can optionally specify the ICMP type by name or number (0-255) to limit the object to that
  message type. If you specify a type, you can optionally specify an ICMP code for that type (1-255).
  If you do not specify the code, then all codes are used.
• service-object {tcp | udp | tcp-udp} [source operator port] [destination operator port]—For TCP,
  UDP, or both. You can optionally specify ports for the source, destination, or both. You can specify
  the port by name or number. The operator can be one of the following:
  – lt—less than.
  – gt—greater than.
  – eq—equal to.
  – neq—not equal to.
  – range—an inclusive range of values. When you use this operator, specify two port numbers, for
    example, range 100 200.
• service-object object object_name—The name of an existing service object.
• group-object object_group_name—The name of an existing service object group.
Example
hostname(config-service-object-group)# service-object ipsec
hostname(config-service-object-group)# service-object tcp destination eq domain
hostname(config-service-object-group)# service-object icmp echo
hostname(config-service-object-group)# service-object object my-service
hostname(config-service-object-group)# group-object Engineering_groups
Step 3 (Optional) Add a description.
hostname(config-service-object-group)# description string
Examples
The following example shows how to add both TCP and UDP services to a service object group:
hostname(config)# object-group service CommonApps
hostname(config-service-object-group)# service-object tcp destination eq ftp
hostname(config-service-object-group)# service-object tcp-udp destination eq www
hostname(config-service-object-group)# service-object tcp destination eq h323
hostname(config-service-object-group)# service-object tcp destination eq https
hostname(config-service-object-group)# service-object udp destination eq ntp
The following example shows how to add multiple service objects to a service object group:
hostname(config)# object service SSH
hostname(config-service-object)# service tcp destination eq ssh
hostname(config)# object service EIGRP
hostname(config-service-object)# service eigrp
hostname(config)# object service HTTPS
hostname(config-service-object)# service tcp source range 1 1024 destination eq https
hostname(config)# object-group service Group1
hostname(config-service-object-group)# service-object object SSH
hostname(config-service-object-group)# service-object object EIGRP
hostname(config-service-object-group)# service-object object HTTPS
Cisco ASA Series Firewall CLI Configuration Guide
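The following is an added example, not part of the Cisco guide: Python that expands the port operators described on this page (lt, gt, eq, neq, range) into concrete port ranges and flags tcp/udp service entries whose destination is unrestricted or wider than a limit, as a review aid for service object groups. The port-name table, the 0-65535 port space, the 1024-port limit and the last two sample lines are assumptions made for the example; object and group-object references are not resolved.

```python
import re

# Port names that appear on this page, mapped to their well-known numbers (subset).
PORT_NAMES = {"ftp": 21, "ssh": 22, "domain": 53, "www": 80,
              "ntp": 123, "https": 443, "h323": 1720}
MAX_PORT = 65535  # assumption: the port space is 0-65535

def expand(op, args):
    """Return the inclusive (low, high) port ranges that an operator matches."""
    lo, hi = (int(a) if a.isdigit() else PORT_NAMES[a] for a in (args[0], args[-1]))
    ranges = {"eq": [(lo, lo)], "lt": [(0, lo - 1)], "gt": [(lo + 1, MAX_PORT)],
              "neq": [(0, lo - 1), (lo + 1, MAX_PORT)], "range": [(lo, hi)]}.get(op)
    if ranges is None:
        raise ValueError(f"unknown operator: {op}")
    return [(a, b) for a, b in ranges if a <= b]  # drop empty ranges such as 'lt 0'

def parse_entry(line):
    """Parse one 'service-object' or 'service' line; None unless tcp/udp/tcp-udp."""
    m = re.search(r"\bservice(?:-object)?\s+(tcp-udp|tcp|udp)\b(.*)$", line)
    if not m:
        return None
    entry = {"proto": m.group(1), "source": None, "destination": None}  # None = any
    toks = m.group(2).split()
    while toks:
        side, op = toks[0], toks[1]
        if side not in ("source", "destination"):
            raise ValueError(f"unexpected keyword: {side}")
        n = 2 if op == "range" else 1  # 'range' takes two port arguments
        entry[side] = expand(op, toks[2:2 + n])
        toks = toks[2 + n:]
    return entry

def broad_entries(config, limit=1024):
    """Return lines whose destination is any port or spans more than `limit` ports."""
    flagged = []
    for line in config.splitlines():
        e = parse_entry(line)
        if e and (e["destination"] is None
                  or sum(b - a + 1 for a, b in e["destination"]) > limit):
            flagged.append(line.strip())
    return flagged

# Constructed sample: the first two lines are from this page, the last two are made up.
SAMPLE = """\
hostname(config-service-object-group)# service-object tcp destination eq ftp
hostname(config-service-object)# service tcp source range 1 1024 destination eq https
hostname(config-service-object-group)# service-object tcp destination neq 23
hostname(config-service-object-group)# service-object udp source eq ntp
"""
```

Calling broad_entries(SAMPLE) returns the neq 23 line, which matches every port except one, and the udp source eq ntp line, which places no restriction on the destination port.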
Chapter 2
Objects for Access Control