ASA 5520: Creating host objects via CLI

I am trying to create host objects that I'll then add to network-object groups for use in ACL/ACEs.

When I try to create a host I am having trouble adding the IP address. I'm using the commands as found in the CLI guide for the 5500 series:

(config) object network danworkstation

(config-network) host 172.16.1.50

I then get an error saying the host name must start and end with letters or numbers and only contain letters or numbers.

What do I need to do to create hosts from CLI?

Another question:


Once I create several hosts, can I add them to an object-group using the object names?

Example: I create hosts danworkstation, steveworkstation, bobworkstation.

Can I then use those names to add them to an object-group named telnet-users?

(config) object-group network telnet-users

(config-network) network-object host danworkstation

(config-network) network-object host steveworkstation

etc.

Thanks,


Dan

Accepted Solutions

ASA 5520: Creating host objects via CLI

Hi Dan,

What code are you running on the ASA?

If it's pre-8.3, you need to refer to this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

If it's post-8.3:

http://www.cisco.com/en/US/partner/docs/security/asa/asa84/command/reference/no.html#wp1819044

In post-8.3, under object-groups you can definitely use the name of the object as shown to you in the previous thread. It should not be any problem.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
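
Added example (not part of the original thread or of Cisco's documentation): the 8.3-and-later form of what Dan describes, where host objects are referenced from an object-group by name with `network-object object`. The addresses other than 172.16.1.50, the ACL name INSIDE_IN and the destination 172.16.2.10 are constructed for illustration.

```cisco
! Confirm the software release first; "object network" requires 8.3 or later
show version | include Version
!
configure terminal
! One network object per workstation (8.3+ syntax)
object network danworkstation
 host 172.16.1.50
object network steveworkstation
 host 172.16.1.51
object network bobworkstation
 host 172.16.1.52
!
! Reference the objects by name with "network-object object <name>".
! "network-object host <name>" expects an IP address or a "name" alias instead.
object-group network telnet-users
 network-object object danworkstation
 network-object object steveworkstation
 network-object object bobworkstation
!
! Use the group as the source of an ACE (ACL name and destination are assumed)
access-list INSIDE_IN extended permit tcp object-group telnet-users host 172.16.2.10 eq telnet
end
!
! Verify what was created
show running-config object
show running-config object-group
show access-list INSIDE_IN
```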

ASA 5520: Creating host objects via CLI

You have to use the 'name' cmd first, binding the IP -> name, then create the obj-grp and include them. Let me know, thanks.

!---start

name 1.1.1.1 testwkstn-1

name 1.1.1.2 testwkstn-2

name 1.1.1.3 testwkstn-3

!

object-group network telnet-users

network-object host testwkstn-1

network-object host testwkstn-2

network-object host testwkstn-3

!---end
