6-90
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
6






Configuring

Virtual

Contexts
Configuring
Object

Groups
This
section

includes

the

following

topics:


Creating
or

Editing

an

Object

Group,

page
6-90


Configuring
IP

Addresses

for

Object
Groups,
page
6-91


Configuring
Subnet

Objects

for

Object

Groups,

page
6-92


Configuring
Protocols

for

Object

Groups,

page
6-93


Configuring
TCP/UDP

Ser

vice

Parameters

for


Object

Groups,

page
6-94


Configuring
ICMP
Service

Parameters

for
an
Object

Group,

page
6-97
Creating
or

Editing

an

Object

Group
You
can

create

a

object

group

or

edit

an

existing

one.
Procedure
Step
1
Choose
the

item

to

configure:


To
configure

a

virtual

context,

choose
Config
>

Devices

>

context

>

Security

>

Object

Groups.


To
configure
a

configuration

building

bl

ock,

choose
Config
>
Global
>
All

Building

Blocks
>
building_block
>

Security

>

Object

Groups.
Note
Object
groups
ar

e

available
for
onl

y

ACE

modules
and
ACE

module
configuration
building
blocks.
The
Object

Groups

table

appears,

l

isting

existing

obj

ect

groups.
Step
2
In
the

Object

Groups

table,

click
Add
to

create

a

new

object
group,
or

choose

an

existing

object

group,
and
cl

ick

Edit

to

modify

it.
The
Object

Groups

configuration

window

appears.
Note
The
obj

ect

gr

oup

definition
attributes
for

Protocol

Sel

ection
and

Ser

vice

Parameter

cannot

be
edited
once

defined

for

an

object

group.

To

edit

these

values,

delete

the

object

group

definition
and
then

add

it

again

with

the

desired

settings.
Step
3
In
the

Name
field
of

the

Object

Groups

configuration

window,
enter
a

unique

name

for

this

object

group.
Valid
entries

are

unquoted

text

strings

with

no

spaces

and

a

maximum

of

64

alphanumeric

characters.
Step
4
In
the

Description

field,

enter

a

brief

description

for

the

object

group.
Step
5
In
the

Type
field,
choose

the

type
of
object

group

that

you

are

creating:


Network—The
object

group

is
based
on

a

gr

oup

of


hosts

or
subnet
IP
addresses.


Service—The
object

group

is
based
on

TCP

or

UDP

protocols

and

por

ts,
or
ICMP

types,

such

as
echo
or

echo-reply.
Step
6
Do
one

of

the

following:


Click
Deploy
Now

to
immediately
deploy

this
configuration

on

the

ACE

and

save

your

entries

to
the
running-configuration

and

startup-configuration

files.

This

option

appears

for

virtual

contexts.


Click
OK
to
save
your
entries.

This
option
appears
for
configuration

building

bl

ocks.