How to configure object groups to allow traffic in ASA

To create a network group that includes the IP addresses, enter the following commands:

hostname (config)# object-group network MAIN

hostname (config-protocol)# description MAIN Addresses

hostname (config-protocol)# network-object host 10.x.x.x

hostname (config-protocol)# network-object host 10.x.x.y

How to nest more than one groups together as follows:

hostname (config)# object-group network admin

hostname (config-network)# group-object MAIN (as mentioned above)

hostname (config-network)# group-object XXX

hostname (config-network)# group-object YYY

How to configure service objects and service groups

Service objects and groups are configured to identify protocols and ports.

hostname (config)# object service INB1

hostname (config-service-object)# service tcp source eq www destination eq ssh

Configuring a Service Group

hostname(config)# object-group service INB2

hostname(config-service-object-group)# service-object destination tcp eq ftp

hostname(config-service-object-group)# service-object destination tcp-udp eq www

The following example shows how to add multiple service objects to a service object group:

hostname(config)# service object SSH

hostname(config-service-object)# service tcp destination eq ssh

hostname(config)# service object EIGRP

hostname(config-service-object)# service eigrp

hostname(config)# service object HTTPS

hostname(config-service-object)# service tcp source range 0 1024 destination eq https

hostname(config)# object-group service Group1

hostname(config-service-object-group)# service-object object SSH

hostname(config-service-object-group)# service-object object EIGRP

hostname(config-service-object-group)# service-object object HTTPS

To create service groups that include DNS (TCP/UDP), LDAP (TCP), and RADIUS (UDP), enter the following:

hostname (config)# object-group service services1 tcp-udp

hostname (config-service)# description DNS Group

hostname (config-service)# port-object eq domain

hostname (config)# object-group service services2 udp

hostname (config-service)# description RADIUS Group

hostname (config-service)# port-object eq radius

hostname (config-service)# port-object eq radius-acct

hostname (config)# object-group service services3 tcp

hostname (config-service)# description LDAP Group

hostname (config-service)# port-object eq ldap

Configuring an ICMP Group

hostname (config)# object-group icmp-type ping

hostname (config-service)# description Ping Group

hostname (config-service)# icmp-object echo

hostname (config-service)# icmp-object echo-reply

Configuring a Protocol Group

hostname (config)# object-group protocol tcp_udp_icmp

hostname (config-protocol)# protocol-object tcp

hostname (config-protocol)# protocol-object udp

hostname (config-protocol)# protocol-object icmp