Adding a service object group – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 13 Configuring Objects

Configuring Objects and Groups

Adding a Service Object Group

To add or change a service object group, perform the steps in this section. After you add the group, you
can add more objects as required by following this procedure again for the same group name and
specifying additional objects. You do not need to reenter existing objects; the commands you already set
remain in place unless you remove them with the no form of the command.

Detailed Steps

Step 1

Command:
object-group service grp_id {tcp | udp | tcp-udp}

Example:
hostname(config)# object-group service services1 tcp-udp

Purpose:
Adds a service group.

The object keyword adds an additional object to the service object group.

The grp_id is a text string up to 64 characters in length and can be any combination of letters, digits, and the following characters:

underscore “_”
dash “-”
period “.”

Specify the protocol for the services (ports) you want to add with either the tcp, udp, or tcp-udp keywords. Enter the tcp-udp keyword if your service uses both TCP and UDP with the same port number, for example, DNS (port 53).

The prompt changes to service configuration mode.

Step 2

Command:
description text

Example:
hostname(config-service)# description DNS Group

Purpose:
(Optional) Adds a description. The description can be up to 200 characters.

Step 3

Command:
port-object {eq port | range begin_port end_port}

Example:
hostname(config-service)# port-object eq domain

Purpose:
Defines the ports in the group. Enter the command for each port or range of ports. For a list of permitted keywords and well-known port assignments, see the “Protocols and Applications” section on page B-11.

Example

To create service groups that include DNS (TCP/UDP), LDAP (TCP), and RADIUS (UDP), enter the
following commands:

hostname(config)# object-group service services1 tcp-udp
hostname(config-service)# description DNS Group
hostname(config-service)# port-object eq domain

hostname(config)# object-group service services2 udp
hostname(config-service)# description RADIUS Group
hostname(config-service)# port-object eq radius
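A lint check for the limits given in the steps above, added here as an example and not part of the Cisco guide. It assumes configuration lines in running-config form (no prompt) and checks only the object-group service syntax this page documents; the function name lint_service_groups and the sample input are hypothetical.

```python
import re

# Limits come from the steps above; names and sample are assumptions of this example.
GRP_ID = re.compile(r"[A-Za-z0-9_.-]{1,64}")
HEADER = re.compile(r"object-group service (\S+) (tcp-udp|tcp|udp)")

def lint_service_groups(config_text):
    """Return (line_no, message) findings for object-group service blocks."""
    findings, in_group = [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("object-group service "):
            in_group = True
            m = HEADER.fullmatch(line)
            if not m:
                findings.append((no, "header is not 'grp_id {tcp | udp | tcp-udp}'"))
            elif not GRP_ID.fullmatch(m.group(1)):
                findings.append((no, "grp_id: up to 64 letters, digits, '_', '-', '.'"))
        elif in_group and line.startswith("description "):
            if len(line[len("description "):]) > 200:
                findings.append((no, "description exceeds 200 characters"))
        elif in_group and line.startswith("port-object "):
            kind, ports = line.split()[1], line.split()[2:]
            nums = [int(p) for p in ports if p.isdecimal()]  # keywords (domain) skipped
            if (kind, len(ports)) not in (("eq", 1), ("range", 2)):
                findings.append((no, "expected 'eq port' or 'range begin_port end_port'"))
            elif any(n > 65535 for n in nums):
                findings.append((no, "port number above 65535"))
            elif len(nums) == 2 and nums[0] > nums[1]:
                findings.append((no, "range begin_port is greater than end_port"))
        else:
            in_group = False
    return findings

# Constructed sample in running-config form (not taken from a real device).
SAMPLE = """\
object-group service services1 tcp-udp
 description DNS Group
 port-object eq domain
object-group service bad$name tcp
 port-object range 8080 8000
 port-object eq 70000
object-group service services3
 port-object 443
"""

if __name__ == "__main__":
    for no, msg in lint_service_groups(SAMPLE):
        print(f"line {no}: {msg}")
```

Port keywords such as domain or radius are passed through unchecked, because the list of permitted keywords is in the section the guide references, not on this page.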
