6-77
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding Networks/Hosts Objects
Step 1 Choose Policy Objects from the Manage menu, or click the Policy Object Manager button in the button
bar, to open the Policy Object Manager pane in the lower section of the Configuration Manager window;
see Policy Object Manager, page 6-4 for more information.
Step 2 Select Networks/Hosts in the Object Type selector.
Step 3 Click the New Object button at the bottom of the window and choose one of the following types of
Networks/Hosts object to open the Add or Edit Network/Host Dialog Box, page 6-77. You also can
right-click in the work area, choose New Object, and then choose one of the following options to open
the dialog box.
• Group – To create an object that has one or more entries. You can include any combination of
networks, hosts, address ranges, or other network/host objects (including FQDN objects).
• FQDN – (ASA 8.4(2+) only) To create an object with a single host’s fully qualified domain name,
such as myhost.cisco.com.
• Host – To create an object with a single host address, such as 10.100.10.10 or
2001:DB8::12ab:5689.
• Address Range – To create an object with a single range of addresses, such as
10.100.10.1-10.100.10.255.
• Network – To create an object with a single network address, such as 10.100.10.0/24 or
2001:DB8::/32.
Tip: Host, network, and address range objects also let you configure object NAT rules for ASA 8.3+
devices. Any NAT configuration is ignored for other devices.
Step 4 Provide the appropriate information in the Add or Edit Network/Host Dialog Box, page 6-77.
Add or Edit Network/Host Dialog Box
Use the Add or Edit Network/Host dialog box to view, create, or edit network/host objects. The title,
content and appearance of the dialog box differ slightly based on the type of network/host object you are
creating: Group, FQDN, Host, Address Range, or Network. (FQDN objects require ASA 8.4.2 or later
devices.) The Group type lets you enter multiple definitions, so you can have a collection of networks,
hosts, and other network/host objects, whereas the other types allow a single definition only.
The Host, Network, and Address Range versions of the dialog box provide two tabbed panels of options:
General and NAT. Options on the General panel and the non-tabbed versions of the dialog box are
described in the following table; the NAT options are described in Add or Edit Network/Host Dialog
Box: NAT Tab, page 23-41.
Note: As of Security Manager 4.4, there are no longer separate IPv4 and IPv6 Networks/Hosts objects; there
is now a single, unified Networks/Hosts object, which may accept IPv4 addresses, IPv6 addresses, or
both (in the case of group objects only). However, group objects containing a mixture of IPv4 and IPv6
addresses can be assigned only to policies on ASA 9.0.1 and later devices.
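The object types and device-version notes above can be checked against a list of planned definitions before they are typed into the dialog box. The Python below is an added example, not part of the Cisco guide or of Security Manager; the function names, the hostname pattern, and the returned field names are assumptions made for illustration.

```python
import ipaddress
import re

# Hostname syntax check is an assumption of this example, not Security Manager's rule.
_FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def _ip(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def classify(entry):
    """Return (object type, set of IP versions) for one definition string."""
    entry = entry.strip()
    if "/" in entry:
        # strict=True rejects a "network" with host bits set, e.g. 10.100.10.5/24
        return "Network", {ipaddress.ip_network(entry, strict=True).version}
    addr = _ip(entry)
    if addr is not None:
        return "Host", {addr.version}
    first, sep, last = entry.partition("-")
    lo, hi = _ip(first), _ip(last)
    if sep and lo is not None and hi is not None:
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid address range: {entry}")
        return "Address Range", {lo.version}
    if _FQDN.match(entry):
        return "FQDN", set()
    raise ValueError(f"not a host, network, range or FQDN: {entry}")

def review_group(entries):
    """Summarise a planned Group object's members against the guide's device notes."""
    types, versions = [], set()
    for entry in entries:
        kind, vers = classify(entry)
        types.append(kind)
        versions |= vers
    return {
        "types": types,
        # Mixed IPv4/IPv6 groups are assignable only on ASA 9.0.1 and later.
        "mixed_ip_versions": versions == {4, 6},
        # FQDN objects require ASA 8.4(2) or later.
        "has_fqdn": "FQDN" in types,
    }

# Constructed sample: example values taken from the guide's object-type list.
SAMPLE = ["10.100.10.10", "2001:DB8::/32", "10.100.10.1-10.100.10.255", "myhost.cisco.com"]
```

Calling review_group(SAMPLE) flags the group as mixing IPv4 and IPv6 and as containing an FQDN, which are the two cases the guide ties to minimum ASA versions.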