Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
0
Helpful
2
Replies

ASA 5510 Object-group & Range option

Go to solution
sadik.bash
Level 1
Level 1

‎02-07-2013 01:57 PM - edited ‎02-21-2020 04:50 AM

Hello,

I have 3 ASA 5510s; two of which are in production and the 3rd one is new. I inherited the two in production and was trying to configure that 3rd one using some of the existing object-group network statements.  The problem is that when I try to create a range of IPs in one of the object-groups; the range command is not available. Here is one of the statements extracted from one of the production ASAs:  object network REMOTE
range 62.77.130.14 62.77.130.208

Both ASAs have the same image ver (asa842-k8).  Is there something that I am missing to be able to enable the range option on the new ASA?

Thanks in advance,

~sK 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎02-07-2013 02:04 PM

Hi,

Are you sure the new ASA has booted to the new software 8.4(2)?

There are

  • object-group network
    • accepts networks and host addresses under it
  • object network
    • accepts subnet, range and host addresses under it

The "object network" configuration came available in the 8.3 software. Before that in software 8.2 and earlier only the "object-group network" (and other types of object-groups") existed.

Maybe you have several boot images set on the new ASA and its actually booting to the old software still?

What does the "show run boot" say?

If it lists both the command for old and new software then remove the old "boot system" command, save the configuration and reboot.

Hopefully the above information was helpful

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎02-07-2013 02:04 PM

Hi,

Are you sure the new ASA has booted to the new software 8.4(2)?

There are

  • object-group network
    • accepts networks and host addresses under it
  • object network
    • accepts subnet, range and host addresses under it

The "object network" configuration came available in the 8.3 software. Before that in software 8.2 and earlier only the "object-group network" (and other types of object-groups") existed.

Maybe you have several boot images set on the new ASA and its actually booting to the old software still?

What does the "show run boot" say?

If it lists both the command for old and new software then remove the old "boot system" command, save the configuration and reboot.

Hopefully the above information was helpful

- Jouni

0 Helpful

Go to solution
sadik.bash
Level 1
Level 1
In response to Jouni Forss

‎02-07-2013 02:11 PM

Thanks much for the quick and correct answer. My issue was that I would use the object-group network command rather than using the object network command.

Problem solved. Much appreciated.

Best, ~sK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card