Cisco Systems ASA 5585-X Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 20 Configuring Objects
Configuring Network Objects and Groups
IP Address—An IPv4 or an IPv6 address, either a host or network address. When you enter a colon
(:) in this field for an IPv6 address, the Netmask field changes to Prefix Length. If you select Range
as the object type, the IP Address field changes to allow you to enter a Start Address and an End
Address.
Netmask or Prefix Length—If the IP address is an IPv4 address, enter the subnet mask. If the IP
address is an IPv6 address, enter the prefix. (This field is not available if you enter the object type
as Host.)
Description—(Optional) The description of the network object (up to 200 characters in length).
Note: To add NAT rules to the network object, see Chapter 33, “Configuring Network Object NAT
(ASA 8.3 and Later),” for more information.
Step 4 Click OK.
Step 5 Click Apply to save the configuration.
You can now use this network object when you create a rule. If you edited an object, the change is
inherited automatically by any rules using the object.
Note: You cannot delete a network object that is in use.
Configuring a Network Object Group
For information about network object groups, see the “Network Object Overview” section on page 20-2.
To configure a network object or a network object group, perform the following steps:
Step 1 Choose Configuration > Firewall > Objects > Network Objects/Groups.
Step 2 Click Add > Network Object Group to add either a new object or a new object group.
You can also add or edit network object groups from the Addresses side pane in a rules window, or when
you add a rule.
To find an object in the list, enter a name or IP address in the Filter field, and click Filter. The wildcard
characters asterisk (*) and question mark (?) are allowed.
The Add Network Object Group dialog box appears.
Step 3 In the Group Name field, enter a group name.
Use characters a to z, A to Z, 0 to 9, a period, a comma, a dash, or an underscore. The name must contain
64 characters or fewer.
Step 4 (Optional) In the Description field, enter a description, up to 200 characters in length.
Step 5 You can add existing objects or groups to the new group (nested groups are allowed), or you can create
a new address to add to the group:
To add an existing network object or group to the new group, double-click the object in the Existing
Network Objects/Groups pane.
You can also select the object, and then click Add. The object or group is added to the right-hand
Members in Group pane.
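
Because nested groups are allowed, the addresses a rule actually covers can sit several groups deep. The following Python code is an added example, not part of the Cisco guide: it flattens a group for review, applies the group-name rule from Step 3, and checks host, network (IPv4 netmask or IPv6 prefix length) and range members. The inventory layout, the object and group names, and the addresses are constructed assumptions, not an ASDM export format.

```python
import ipaddress
import re

# Group-name rule from Step 3: a-z, A-Z, 0-9, period, comma, dash, underscore; 64 chars max.
NAME_RE = re.compile(r"[A-Za-z0-9.,_-]{1,64}")

# Constructed sample inventory (hypothetical names, documentation address ranges).
OBJECTS = {
    "web-1": ("host", "192.0.2.10"),
    "dmz-net": ("network", "198.51.100.0/255.255.255.0"),   # IPv4: netmask
    "v6-lab": ("network", "2001:db8:10::/48"),              # IPv6: prefix length
    "dhcp-pool": ("range", ("192.0.2.100", "192.0.2.150")),
}
GROUPS = {
    "DMZ_SERVERS": {"members": ["web-1", "dmz-net"]},
    "ALL_INSIDE": {"members": ["DMZ_SERVERS", "v6-lab", "dhcp-pool"]},  # nested group
}

def parse_member(kind, value):
    """Validate one network object and return it as ipaddress object(s)."""
    if kind == "host":
        return ipaddress.ip_address(value)
    if kind == "network":
        # strict=True rejects an address with host bits set for the given mask
        return ipaddress.ip_network(value, strict=True)
    if kind == "range":
        start, end = (ipaddress.ip_address(v) for v in value)
        if start.version != end.version or start > end:
            raise ValueError(f"bad range {value}")
        return (start, end)
    raise ValueError(f"unknown object type {kind!r}")

def flatten(group, objects, groups, _path=()):
    """Expand a group, following nested groups, into the set of its members."""
    if not NAME_RE.fullmatch(group):
        raise ValueError(f"invalid group name {group!r}")
    if group in _path:  # defensive: a loop in the inventory data would recurse forever
        raise ValueError("group nesting loop: " + " > ".join(_path + (group,)))
    out = set()
    for member in groups[group]["members"]:
        if member in groups:
            out |= flatten(member, objects, groups, _path + (group,))
        else:
            out.add(parse_member(*objects[member]))
    return out

if __name__ == "__main__":
    for m in sorted(flatten("ALL_INSIDE", OBJECTS, GROUPS), key=str):
        print(m)
```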