Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Using Network Objects and Groups in a Rule, Viewing the Usage of a Network Object or Group

20-4

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter20 Configuring Objects

Configuring Network Objects and Groups

•To add a new address, fill in the values under the Create New Network Object Member area, and

click Add.

The object or group is added to the right-hand Members in Group pane. This address is also added

to the network object list.

To remove an object, double-click the object in the Members in Group pane, or select the object and click

Remove.

Step6 After you add all the member objects, click OK.

You can now use this network object group when you create a rule. For an edited object group, the change

is inherited automatically by any rules using the group.

Note You cannot delete a network object group that is in use.

Using Network Objects and Groups in a Rule

When you create a rule, you can enter an IP address manually, or you can browse for a network object

or group to use in the rule. To use a network object or group in a rule, perform the following steps:

Step1 From the rule dialog box, click the ... browse button next to the source or destination address field.

The Browse Source Address or Browse Destination Address dialog box appears.

Step2 You can either add a new network object or group, or choose an existing network object or group by

double-clicking it.

To find an object in the list, enter a name or IP address in the Filter field, and click Filter. The wildcard

characters asterisk (*) and question mark (?) are allowed.

•To add a new network object, see the “Configuring a Network Object” section on page20-2.

•To add a new network object group, see the “Configuring a Network Object Group” section on

page 20-3.

After you add a new object or double-click an existing object, it appears in the Selected

Source/Destination field. For access rules, you can add multiple objects and groups in the field,

separated by commas.

Step3 Click OK.

You return to the rule dialog box.

Viewing the Usage of a Network Object or Group

To view which rules use a network object or group, in the Configuration > Firewall > Objects > Network

Objects/Group pane, click the magnifying glass Find icon.

The Usages dialog box appears, listing all the rules currently using the network object or group. This

dialog box also lists any network object groups that contain the object.

Cisco Systems Using Network Objects and Groups in a Rule, Viewing the Usage of a Network Object or Group