ASA5520 object alias

r.arzouni · ‎11-22-2010

Hi There, what is the CLI command to create and alas for an object. for example if I have a server with an IP address 10.1.46.2 255.255.255.0 I would like to create an object aliase so I can use it in the NAT and ACL rules instead of typing the IP all the time.

Also if I have a group of servers how can create a group and add individual server with different Ips to this group.

if not the commands , a clue in the right direction for this would be great

Many Thanks

thundercisco · ‎11-22-2010

Hi,

use object-group to create objects,

And to group them use

object-group

)#group-object

e.g. i am having to web servers, so i will create

object-group network WEB_SRV_1

)# network-object host 10.10.10.10

)#exit

object-group network WEB_SRV_2

)# network-object host 10.10.10.11

)#exit

object-group network WEB_SRV_GRP

)# group-object WEB_SRV_1

)# group-object WEB_SRV_2

)#exit

In this way if i have to apply any rule particular for webservers then i can use WEB_SRV_1 or _2

If i have to apply rule to all web servers than i can use WEB_SRV_GRP.

You can easily add webservers to group. Instead of network as type of object you can use service, then you can mention serrvices like tcp ,UDP port number etc

Cheers

ASA5520 object alias

Support for Network and Service Objects in Secure Internet Access

ACI object moquery Cheat Sheet

NAT における Alias 作成動作について

object service udp-port

Trying to enable AnyConnect Alias