Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2293
Views
0
Helpful
1
Replies

ASA 5545X Network Objects and Object Groups

Go to solution
TW80CJ5
Level 3
Level 3

‎08-27-2020 08:56 AM

Hello Everyone....

 

I am working on a configuration template for rolling a large amount (greater than 50) of ASA 5545X using 9.13(1) software. I am having a difficult time getting two Network Objects into an Object Group.

I am able to successfully create the Object Group Name, but am only able to add one network object to the group. For example, see the config below:

object-group network ALL_CORP_SERVERS
 network-object object HQ_SERVERS
 network-object object REGION1_SERVERS

object-group network ALL_CORP_NETS
 network-object object HQ_NETS
 network-object object REGION1_NETS



object network HQ_NETS
 subnet 192.168.10.64 255.255.255.224
object network HQ_SERVERS
 subnet 192.168.10.0 255.255.255.128

object network REGION1_SERVERS
 range 192.168.20.175 192.168.20.199
object network REGION1_NETS
 range 192.168.20.250 192.168.20.254


1. I am able to successfully create object-group network ALL_CORP_SERVERS and object-group network ALL_CORP_NETS.
2. I am able to successfully add network object HQ_SERVERS to the object-group network ALL_CORP_SERVERS
3. I am able to successfully network object HQ_NETS to the object-group network ALL_CORP_NETS
4. I cannot get the REGION1 _SERVERS network object to add to the ALL_CORP_SERVERS object group.
5.  I cannot get the REGION1 _NETS network object to add to the ALL_CORP_NETS object group.

In summary, I am able to get the HQ network objects to automatically add to their respective object groups. But I cannot get the REGION network objects to automatically add to their respective object groups. After uploading to the config to the ASA, I can manually add the REGION objects to their object group but am trying to prevent that!

I have tried changing the range to subnet, but that didnt work either.

Any and all help is welcomed!!!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
TW80CJ5
Level 3
Level 3

‎08-27-2020 10:40 AM

OK, I got it figured out...

I was not declaring (for lack of a better word) the network object before the object group. Once I added a network object for the REGION NETS  and REGION SERVERS, they dropped in.

Thanks for letting me talk through it!!!!!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
TW80CJ5
Level 3
Level 3

‎08-27-2020 10:40 AM

OK, I got it figured out...

I was not declaring (for lack of a better word) the network object before the object group. Once I added a network object for the REGION NETS  and REGION SERVERS, they dropped in.

Thanks for letting me talk through it!!!!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card