13-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 13 Configuring Objects
Configuring Objects and Groups
Guidelines and Limitations for Objects and Groups
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall modes.
IPv6 Guidelines
Supports IPv6, with limitations. (See the “Additional Guidelines and Limitations” section on page 13-3.)
Additional Guidelines and Limitations
The following guidelines and limitations apply to object groups:
• Objects and object groups share the same name space.
• Object groups must have unique names. While you might want to create a network object group named “Engineering” and a service object group named “Engineering,” you need to add an identifier (or “tag”) to the end of at least one object group name to make it unique. For example, you can use the names “Engineering_admins” and “Engineering_hosts” to make the object group names unique and to aid in identification.
• You cannot remove an object group or make an object group empty if it is used in a command.
• The ASA does not support IPv6 nested object groups, so you cannot group an object with IPv6 entities under another IPv6 object group.
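The naming and IPv6 nesting rules above can be checked on a staged configuration before it is pasted into the ASA. The following Python sketch is an added example, not part of the Cisco guide. The sample configuration and all object names in it are constructed, and it assumes a conservative reading of the IPv6 rule: any nested group that holds IPv6 entries is flagged.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample of a staged ASA configuration (not taken from the guide).
SAMPLE_CONFIG = """\
object network Engineering
 subnet 10.1.1.0 255.255.255.0
object-group service Engineering tcp
object-group network V6_servers
 network-object 2001:db8:1::/64
object-group network V6_all
 network-object 2001:db8:2::/64
 group-object V6_servers
"""

HEADER = re.compile(r"^(object|object-group)\s+(\S+)\s+(\S+)")

def parse(config):
    # Map each name to the kinds that declare it and to its body lines.
    kinds, bodies, current = defaultdict(set), defaultdict(list), None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(3)
            kinds[current].add(f"{m.group(1)} {m.group(2)}")
        elif current and line.startswith(" ") and line.strip():
            bodies[current].append(line.split())
        else:
            current = None  # any other top-level line ends the block
    return kinds, bodies

def is_v6(token):
    try:
        return ipaddress.ip_interface(token).version == 6
    except ValueError:
        return False

def lint(config):
    kinds, bodies = parse(config)
    # Objects and object groups share one namespace: one kind per name.
    findings = [f"name collision: {n} declared as {', '.join(sorted(k))}"
                for n, k in sorted(kinds.items()) if len(k) > 1]
    # Conservative reading of the IPv6 rule: flag any nested group with IPv6 entries.
    for parent, lines in sorted(bodies.items()):
        for w in lines:
            if len(w) == 2 and w[0] == "group-object" and any(
                    is_v6(t) for entry in bodies.get(w[1], []) for t in entry):
                findings.append(f"IPv6 nesting: {w[1]} nested under {parent}")
    return findings

print("\n".join(lint(SAMPLE_CONFIG)))
```

Renaming the service group with a tag, for example “Engineering_svc” (a constructed name), clears the first finding.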
Configuring Objects
This section includes the following topics:
• Configuring a Network Object, page 13-3
• Configuring a Service Object, page 13-4

Configuring a Network Object

A network object contains a single IP address/mask pair. Network objects can be of three types: host,
subnet, or range.
You can also configure auto NAT as part of the object definition; see Chapter 30, “Configuring Network
Object NAT,” for more information.