1-11
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Objects
Configuring Objects
Configuring a Protocol Group
A protocol group contains IP protocol types.
Detailed Steps
Example
To create a protocol group for TCP, UDP, and ICMP, enter the following commands:
hostname (config)# object-group protocol tcp_udp_icmp
hostname (config-protocol)# protocol-object tcp
hostname (config-protocol)# protocol-object udp
hostname (config-protocol)# protocol-object icmp
Configuring Local User Groups
You can create local user groups for use in features that support the identity firewall (IDFW) by
including the group in an extended ACL, which in turn can be used in an access rule, for example.
Command Purpose
Step 1
object-group protocol obj_grp_id
Example:
hostname(config)# object-group protocol
tcp_udp_icmp
Adds a protocol group. The obj_grp_id is a text string up to 64
characters in length and can be any combination of letters, digits,
and the following characters:
• underscore “_”
• dash “-”
• period “.”
The prompt changes to protocol configuration mode.
Step 2
Add one or more of the following group members:
protocol-object protocol
Example:
hostname(config-protocol)# protocol-object
tcp
Defines the protocols in the group. Enter the command for each
protocol. The protocol is the numeric identifier of the specified IP
protocol (1 to 254) or a keyword identifier (for example, icmp,
tcp, or udp). To include all IP protocols, use the keyword ip. For
a list of protocols that you can specify, see the “Protocols and
Applications” section on page 1-11.
group-object group_id
Example:
hostname(config-network)# group-object
Engineering_groups
Adds an existing object group under this object group. The nested
group must be of the same type.
Step 3
description text
Example:
hostname(config-protocol)# description New
Group
(Optional) Adds a description. The description can be up to 200
characters.
To Next Page
Loading...
Need help?
General
