2-3
Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 2      Objects for Access Control
  Configure Objects
hostname(config-network-object)# host 10.2.2.2 
Step 3 (Optional) Add a description.
hostname(config-network-object)# description string
Configure a Network Object Group
Network object groups can contain multiple network objects as well as inline networks or hosts. Network 
object groups can include a mix of both IPv4 and IPv6 addresses.
However, you cannot use a mixed IPv4 and IPv6 object group for NAT, or object groups that include 
FQDN objects.
Procedure
Step 1 Create or edit a network object group using the object name. 
ciscoasa(config)# object-group network group_name 
Example 
hostname(config)# object-group network admin 
Step 2 Add objects and addresses to the network object group using one or more of the following commands. 
Use the no form of the command to remove an object.
• network-object host {IPv4_address | IPv6_address}—The IPv4 or IPv6 address of a single host. 
For example, 10.1.1.1 or 2001:DB8::0DB8:800:200C:417A.
• network-object {IPv4_address IPv4_mask | IPv6_address/IPv6_prefix}—The address of a network 
or host. For IPv4 subnets, include the mask after a space, for example, 10.0.0.0 255.0.0.0. For IPv6, 
include the address and prefix as a single unit (no spaces), such as 2001:DB8:0:CD30::/60. 
• network-object object object_name—The name of an existing network object.
• group-object object_group_name—The name of an existing network object group.
Example 
hostname(config-network-object-group)# network-object 10.1.1.0 255.255.255.0 
hostname(config-network-object-group)# network-object 2001:db8:0:cd30::/60 
hostname(config-network-object-group)# network-object host 10.1.1.1
hostname(config-network-object-group)# network-object host 2001:DB8::0DB8:800:200C:417A
hostname(config-network-object-group)# network-object object existing-object-1 
hostname(config-network-object-group)# group-object existing-network-object-group 
Step 3 (Optional) Add a description.
hostname(config-network-object-group)# description string
Example
To create a network group that includes the IP addresses of three administrators, enter the following 
commands:
hostname (config)# object-group network admins
hostname (config-protocol)# description Administrator Addresses