Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 19 Adding Global Objects
Using Network Objects and Groups
Network Object Overview
Network objects let you predefine host and network IP addresses so that you can streamline subsequent
configuration. When you configure the security policy, such as an access rule or a AAA rule, you can
choose these predefined addresses instead of typing them in manually. Moreover, if you change the
definition of an object, the change is inherited automatically by any rules using the object.
You can add network objects manually, or you can let ASDM automatically create objects from existing
configuration, such as access rules and AAA rules. If you edit one of these derived objects, it persists
even if you later delete the rule that used it. Otherwise, derived objects only reflect the current
configuration if you refresh.
A network object group is a group containing multiple hosts and networks together. A network object
group can also contain other network object groups. You can then specify the network object group as
the source address or destination address in an access rule.
When you are configuring rules, the ASDM window includes an Addresses side pane at the right that
shows available network objects and network object groups; you can add, edit, or delete objects directly
in the Addresses pane. You can also drag additional network objects and groups from the Addresses pane
to the source or destination of a selected access rule.
Configuring a Network Object
To configure a network object, perform the following steps:
Step 1 In the Configuration > Firewall > Objects > Network Objects/Group pane, click Add > Network Object
to add a new object, or choose an object and click Edit.
You can also add or edit network objects from the Addresses side pane in a rules window, or when you
are adding a rule.
To find an object in the list, enter a name or IP address in the Filter field and click Filter. The wildcard
characters asterisk (*) and question mark (?) are allowed.
The Add/Edit Network Object dialog box appears.
Step 2 Fill in the following values:
Name—(Optional) The object name. Use characters a to z, A to Z, 0 to 9, a dot, a dash, or an
underscore. The name must be 64 characters or less.
IP Address—The IP address, either a host or network address.
Netmask—The subnet mask for the IP address.
Description—(Optional) The description of the network object.
Step 3 Click OK.
You can now use this network object when you create a rule. For an edited object, the change is inherited
automatically by any rules using the object.
Note You cannot delete a network object that is in use.
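As an added illustration (not part of the Cisco guide or of ASDM), the following Python example applies the Step 2 name rule to a proposed object, flattens nested network object groups, and lists the rules that would inherit an edit to an object. The dictionaries, rule layout, and function names are hypothetical, and the host-bits warning is this example's own check rather than documented ASDM behavior.

```python
import ipaddress
import re

# Step 2 name rule: a-z, A-Z, 0-9, dot, dash, underscore; 64 characters or less.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Constructed sample data (hypothetical layout, not an ASDM export format).
OBJECTS = {"web-dmz": ("192.0.2.0", "255.255.255.0"),
           "dns1": ("198.51.100.53", "255.255.255.255"),
           "lab": ("10.20.0.0", "255.255.0.0")}
GROUPS = {"servers": ["web-dmz", "dns1"], "all-internal": ["servers", "lab"]}
RULES = [{"id": 1, "src": "all-internal", "dst": "any"},
         {"id": 2, "src": "lab", "dst": "servers"},
         {"id": 3, "src": "any", "dst": "lab"}]

def check_object(name, ip, netmask):
    """Return a list of problems with a proposed object (empty list = OK)."""
    problems = []
    if name and not NAME_RE.fullmatch(name):  # Name is optional in the dialog
        problems.append("name: invalid character or more than 64 characters")
    try:
        net = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    except ValueError as exc:  # malformed address or non-contiguous mask
        return problems + [f"address: {exc}"]
    if str(net.network_address) != ip:  # this example's own check (assumption)
        problems.append(f"address: host bits set; mask {netmask} gives {net}")
    return problems

def expand_group(group, objects, groups, _path=()):
    """Flatten a group, including nested groups, into a set of networks."""
    if group in _path:
        raise ValueError("group loop: " + " -> ".join(_path + (group,)))
    nets = set()
    for member in groups[group]:
        if member in groups:
            nets |= expand_group(member, objects, groups, _path + (group,))
        else:
            ip, mask = objects[member]
            nets.add(ipaddress.IPv4Network(f"{ip}/{mask}", strict=False))
    return nets

def rules_affected(obj, groups, rules):
    """IDs of rules whose source or destination reaches obj, even via groups."""
    def reaches(name, seen=frozenset()):
        if name == obj:
            return True
        if name in seen:
            return False
        return any(reaches(m, seen | {name}) for m in groups.get(name, ()))
    return [r["id"] for r in rules if reaches(r["src"]) or reaches(r["dst"])]
```

Calling rules_affected before editing an object shows which rules will inherit the change, including rules that reference it only through a nested group.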