Thursday, March 15, 2012

Cisco ASA Object-Group

What is an object group?
It lets you collect ports and protocols under a single name that an ACL entry can reference, which simplifies your ACLs and reduces how many ACL entries you need.

How to view an object group:

CISCOASA# show run object-group id OBJECT_GROUP_NAME
object-group service OBJECT_GROUP_NAME tcp
 description testing ports
 port-object range 4000 4999
 port-object range 8000 8999
 port-object eq 25570
 port-object range 5000 5999
 port-object range 21000 21999
 port-object eq 30101
 port-object range 30005 30006
 port-object eq 19420
 port-object eq 19720
 port-object eq 19920
CISCOASA#

Some examples of the object group in use (both ACL entries match the destination port against the ports listed in the group):

access-list from-switchch extended permit udp any 172.200.18.0 255.255.255.0 object-group OBJECT_GROUP_NAME

access-list from-switchch extended permit tcp any 172.200.18.0 255.255.255.0 object-group OBJECT_GROUP_NAME
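A group like the one above is easy to read line by line, but what an auditor actually wants to know is how many destination ports the ACL entries open and whether a given port is covered. The following Python is an added example (not from the original post or any Cisco tool) that parses the "show run object-group" output quoted above, merges the port-object ranges, and answers those two questions; it understands only "port-object eq" and "port-object range" lines.

```python
import re
# Constructed sample input: the "show run object-group" output quoted above.
SAMPLE = """\
object-group service OBJECT_GROUP_NAME tcp
 description testing ports
 port-object range 4000 4999
 port-object range 8000 8999
 port-object eq 25570
 port-object range 5000 5999
 port-object range 21000 21999
 port-object eq 30101
 port-object range 30005 30006
 port-object eq 19420
 port-object eq 19720
 port-object eq 19920
"""

def parse_service_groups(text):
    """Return {name: (proto, [(lo, hi), ...])}; handles eq/range port-objects only."""
    groups, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"object-group service (\S+) (tcp|udp|tcp-udp)$", line)
        if m:  # header of a typed service (port) group
            name = m.group(1)
            groups[name] = (m.group(2), [])
        elif name and raw.startswith(" "):  # indented member line of that group
            m = re.match(r"port-object (eq|range) (\d+)(?: (\d+))?$", line)
            if m:  # 'description' and unrelated lines are skipped
                lo = int(m.group(2))
                hi = int(m.group(3)) if m.group(1) == "range" else lo
                groups[name][1].append((lo, hi))
    return groups

def merge(ranges):
    """Collapse overlapping and adjacent ranges into a sorted minimal list."""
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def port_allowed(groups, name, port):  # does the group match this port?
    return any(lo <= port <= hi for lo, hi in groups[name][1])

def port_count(groups, name):  # distinct ports the group opens
    return sum(hi - lo + 1 for lo, hi in merge(groups[name][1]))
```

Running it against the sample shows the group opens 4007 distinct ports, with the 4000-4999 and 5000-5999 ranges merging into one contiguous 4000-5999 block.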
