CCSP/CCVP --ASA 5520配置例子

　　group-object tcp_http

　　group-object tcp_https

　　group-object tcp_telnet

　　object-group service tcp_http_8080 tcp

　　port-object eq 8080

　　object-group service tcp_ftp tcp

　　port-object eq ftp

　　object-group service tcp_ntp tcp

　　port-object eq 123

　　object-group service udp_ntp udp

　　port-object eq ntp

　　object-group service tcp_smtp tcp

　　port-object eq smtp

　　object-group service tcp_ssh tcp

　　port-object eq ssh

　　object-group network H_auth

　　group-object h_auth42

　　object-group network H_ntp_servers

　　group-object h_china_ntpserver

　　object-group service TCP_webservice tcp

　　group-object tcp_http

　　group-object tcp_https

　　access-list HIDING extended permit ip object-group N_RFC1918 any

　　access-list HIDING remark # this is a nat rule, only permit's are allowed

　　access-list NONAT extended permit ip object-group N_RFC1918 object-group N_RFC1918

　　access-list POLICY remark # counterpart of trigger rule

　　access-list POLICY extended permit tcp any object-group H_auth object-group TCP_client_auth

　　access-list POLICY remark # # ntp

　　access-list POLICY extended permit tcp any object-group H_ntp_servers object-group tcp_ntp

　　access-list POLICY extended permit udp any object-group H_ntp_servers object-group udp_ntp

　　access-list POLICY remark # RDCA-webbrowsing rule