The four types of object-group:

1.Protocol

2.Network

3.Service

4.ICMP-type

1.Protocol

object-group protocol tcp_udp_icmp

protocol-object tcp

protocol-object udp

protocol-object icmp

2.Network

object-group network admin

network-object host 10.1.1.4

network-object host 10.1.1.78

network-object host 10.1.1.34

object-group network DMZ

network-object 172.10.1.0 255.255.255.0

network-object 172.10.2.0 255.255.255.0

3.Service

object-group service tcp.udp.ser tcp-udp

description DNS Group

port-object eq domain

object-group service udp.ser udp

description RADIUS Group

port-object eq radius

port-object eq radius-acct

object-group service tcp.ser tcp

description LDAP Group

port-object eq ldap

object-group service ALL-Services

service-object gre

service-object icmp echo

service-object tcp eq http

service-object udp eq domain

4.ICMP-type

object-group icmp-type ping

description Ping Group

icmp-object echo

icmp-object echo-reply

Example:

object-group protocol TCP

protocol-object tcp

object-group network Internal-Servers

network-object host 202.100.1.81

network-object host 202.100.1.82

object-group network Internet-Hosts

network-object host 202.100.10.101

network-object host 202.100.10.102

object-group service HTTP-SMTP tcp

port-object eq smtp

access-list outside_access_in extended permit object-group TCP object-group Internet-Hosts object-group Internal-Servers object-group HTTP-SMTP

access-group outside_access_in in interface outside