The protocol is the numeric identifier of the specific IP protocol
(1 to 254) or a keyword identifier (example TCP, UDP). To include all IP protocols, use the keyword IP.
Network: To add a network group, use the object-group network grp_id command and define the
hosts or networks by using network-object {host host_addr | net_addr mask} in the object-group
submode.
Service: To add a service group, use the object-group service grp_id {tcp | udp | tcp-udp}
command. Specify the protocol for the services (ports) you want to add, by using either tcp, udp, or tcpudp
keywords. Enter the tcp-udp keyword if your service uses both TCP and UDP with the same port
number??”for example, DNS (port 53). Define the ports or range of ports by using port-object in the
object-group submode.
ICMP type: To add an ICMP type group, use the object-group icmp-type grp_id command. Define the
ICMP types by using icmp-object icmp_type (example, echo or echo-request) in the object-group
submode.
To use object groups in an access list, replace the normal protocol (protocol), network (source_address mask,
and so on), service (operator port), or ICMP type (icmp_type) parameter with object-group grp_id parameter.
Pages:
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313