Solved: ASA 5520: Adding network objects via CLI

dan · ‎11-04-2011

Hi (again),

I'm working with ASA 5520s. I am trying to figure out how to add network objects via CLI. I know I could easily do it using ASDM, but I like to learn the hardway first.

Question: How do I add the subnet mask for a network object when creating via CLI?

Here's how I'm creating the obejcts:

config t

object-group network telnet-users-group

description users allowed telnet access outbound

network-object host 172.16.25.50

network-object hosts 172.16.25.51

That sets up the hosts with IP addresses, but how do I add the subnet mask?

Thanks,

Dan

varrao · ‎11-04-2011

Hi Dan,

You do not need to it for a single host, the firewall takes it to be 255.255.255.255, but if you are adding a network or subnet then you can, for it you can add:

object network test

subnet 20.0.0.0 255.0.0.0

object network test1

subnet 10.0.0.0 255.0.0.0

object-group network test-group

network-object object test

network-object object test1

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎11-04-2011

Hi Dan,

You do not need to it for a single host, the firewall takes it to be 255.255.255.255, but if you are adding a network or subnet then you can, for it you can add:

object network test

subnet 20.0.0.0 255.0.0.0

object network test1

subnet 10.0.0.0 255.0.0.0

object-group network test-group

network-object object test

network-object object test1

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

dan · ‎11-04-2011

After looking at how the ASDM GUI created hosts I sort of figured that was the case.

Thanks.

Dan