Cisco Defense Orchestrator

Create or Edit ASA Network Objects and Network Groups

About Network Objects

A network object can contain a host name, a network IP address, a range of IP addresses, a fully qualified domain name (FQDN), or a subnet address expressed in CIDR notation. Network groups are conglomerates of network objects, other network groups, individual addresses, and subnets you add to the group. Network objects and network groups are used in access rules, network policies, and NAT rules. You can create, read, update, and delete network objects and network groups using CDO.

IP addresses that can be added to network objects

Device type | IPv4 / IPv6 | Single Address | Range of addresses | Fully Qualified Domain Name | Subnet using CIDR Notation
ASA         | IPv4        | Yes            | Yes                | Yes                         | Yes

Create an ASA Network Object

  1. Click the Objects tab to open the Objects page.
  2. Click the blue plus button and select ASA > Network.
  3. Enter an object name.
  4. Select Create a network object.
  5. In the Value section, add the IP address information in one of these ways: 
  • Select eq and then enter a single IP address, a subnet address using CIDR notation, or a fully qualified domain name (FQDN).
  • Select range and then enter a range of IP addresses. Enter the range with the beginning and ending address in the range separated by a space. For example,
  6. Click Add.

Create an ASA Network Group

A network group is made up of multiple network objects or IP addresses.

  1. If you want your network group to be made up of network objects, use the Create a Network Object procedure above to create individual network objects for your IP addresses. 
  2. Click the Objects tab to open the Objects page.
  3. Click the blue plus button and select ASA > Network.
  4. Enter an object name.
  5. Select Create a network group.
  6. Add IP addresses, network objects, or other network groups to the network group using any of these methods:
  • Network objects or groups: Click Add Object, select the network object or network group from the list and click Select. Continue to do this until you have added all the network objects you want. 
  • Individual IP addresses or a subnet: In the Value section, select eq and then enter a single IP address or a subnet expressed in CIDR notation. Click Add Another Value and then add another IP address in the Value field until you have added all the values you want. Click Add when you are done.
  • Bulk entry: In the Values area, click Show Advanced. Paste into the text box a list of IP addresses or subnet addresses separated by a newline, space, comma, or semicolon and then click Done.
  7. Click Add.
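
A group built by bulk entry usually ends up in access rules and NAT rules, so it is worth checking the list before pasting it. The following is an added example, not Cisco's code: it splits a list on the separators named above and sorts the entries into accepted and rejected. The function name and sample list are constructed, and rejecting subnets with host bits set, duplicates, and a /0 prefix are this example's own policy choices, not documented CDO behavior.

```python
import ipaddress
import re

# Separators the bulk-entry box accepts per this page:
# newline, space, comma, semicolon.
_SEPARATORS = re.compile(r"[\s,;]+")

# Constructed sample list (not from the page).
SAMPLE = ("10.10.1.5, 10.10.2.0/24;192.168.50.7\n"
          "10.10.1.5 10.10.3.9/24 2001:db8::1 0.0.0.0/0 10.0.0.300")


def check_bulk_entries(text):
    """Split a bulk-entry list and classify each token.

    Returns (accepted, rejected). accepted holds normalized IPv4 addresses
    and subnets in input order; rejected holds (token, reason) pairs.
    """
    accepted, rejected, seen = [], [], set()
    for token in filter(None, _SEPARATORS.split(text)):
        try:
            if "/" in token:
                # strict=True refuses subnets whose host bits are set.
                net = ipaddress.ip_network(token, strict=True)
                normalized = str(net)
            else:
                normalized = str(ipaddress.ip_address(token))
                net = ipaddress.ip_network(normalized)
        except ValueError as exc:
            rejected.append((token, f"invalid: {exc}"))
            continue
        if net.version != 4:
            # The table on this page lists IPv4 for ASA.
            rejected.append((token, "IPv6 entry"))
        elif net.prefixlen == 0:
            # Example policy: a /0 entry would make the group match everything.
            rejected.append((token, "matches every address"))
        elif normalized in seen:
            rejected.append((token, "duplicate"))
        else:
            seen.add(normalized)
            accepted.append(normalized)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = check_bulk_entries(SAMPLE)
    print("paste:", ", ".join(ok))
    for token, reason in bad:
        print(f"review: {token} ({reason})")
```
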

Edit an ASA Network Object or Network Group 

  1. Click the Objects tab to open the Objects page.
  2. Locate the object you want to edit by using object filters and the search field.
  3. Select the object you want to edit.
  4. Click the edit icon in the details pane.
  5. Edit the values in the dialog box in the same fashion that you created them in the procedures above. 

Caution: When editing network groups in advanced mode, add new addresses to a group by scrolling to the end of the existing list and then adding them at that point; you can select and delete individual entries in the list; do not click the Clear button unless you want to delete all the objects from the existing network group.

  6. Click Save.
  7. CDO displays the policies that will be affected by the change. Click Confirm to finalize the change to the object and any policy affected by it.