Cisco ASA 5505 User Manual
Page 367
13-5
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 13 Configuring Objects
Configuring Objects and Groups
Detailed Steps
Example
To create a service object, enter the following commands:
hostname (config)# object service SERVOBJECT1
hostname (config-service-object)# service tcp source eq www destination eq ssh
Command
Purpose
Step 1
object service
obj_name
Example:
hostname(config)# object-service
SERVOBJECT1
Creates a new service object. The obj_name is a text string up to
64 characters in length and can be any combination of letters,
digits, and the following characters:
•
underscore “_”
•
dash “-”
•
period “.”
The prompt changes to service object configuration mode.
Step 2
service
{protocol | icmp icmp-type | icmp6
icmp6-type | {tcp | udp} [source operator
port] [destination operator port]}
Example:
hostname(config-service-object)# service
tcp source eq www destination eq ssh
Creates a service object for the source mapped address.
The protocol argument specifies an IP protocol name or number.
The icmp, tcp, or udp keywords specify that this service object is
for either the ICMP, TCP, or UDP protocol.
The icmp-type argument names the ICMP type.
The icmp6 keyword specifies that the service type is for ICMP
version 6 connections.
The icmp6-type argument names the ICMP version 6 type.
The source keyword specifies the source port.
The destination keyword specifies the destination port.
The operator port argument specifies a single port/code value that
supports configuring the port for the protocol. You can specify
“eq,” “neq,” “lt,” “gt,” and “range” when configuring a port for
TCP or UDP. The “range” operator lists the beginning port and
ending port.