Hello Everyone....

I am working on a configuration template for rolling a large amount (greater than 50) of ASA 5545X using 9.13(1) software. I am having a difficult time getting two Network Objects into an Object Group.

I am able to successfully create the Object Group Name, but am only able to add one network object to the group. For example, see the config below:

object-group network ALL_CORP_SERVERS
 network-object object HQ_SERVERS
 network-object object REGION1_SERVERS

object-group network ALL_CORP_NETS
 network-object object HQ_NETS
 network-object object REGION1_NETS



object network HQ_NETS
 subnet 192.168.10.64 255.255.255.224
object network HQ_SERVERS
 subnet 192.168.10.0 255.255.255.128

object network REGION1_SERVERS
 range 192.168.20.175 192.168.20.199
object network REGION1_NETS
 range 192.168.20.250 192.168.20.254


1. I am able to successfully create object-group network ALL_CORP_SERVERS and object-group network ALL_CORP_NETS.
2. I am able to successfully add network object HQ_SERVERS to the object-group network ALL_CORP_SERVERS
3. I am able to successfully network object HQ_NETS to the object-group network ALL_CORP_NETS
4. I cannot get the REGION1 _SERVERS network object to add to the ALL_CORP_SERVERS object group.
5.  I cannot get the REGION1 _NETS network object to add to the ALL_CORP_NETS object group.

In summary, I am able to get the HQ network objects to automatically add to their respective object groups. But I cannot get the REGION network objects to automatically add to their respective object groups. After uploading to the config to the ASA, I can manually add the REGION objects to their object group but am trying to prevent that!

I have tried changing the range to subnet, but that didnt work either.

Any and all help is welcomed!!!