Hello TE-EN LIN
The protocol option allows you to define a group of protocols. The options provided can be seen below:
myASA(config)# object-group protocol PROTOCOLGROUP
myASA(config-protocol-object-group)# ?
description Specify description text
group-object Configure an object group as an object
help Help for protocol object-group configuration commands
no Remove an object or description from object-group
protocol-object Configure a protocol object
myASA(config-protocol-object-group)# protocol-object ?
protocol-object-group mode commands/options:
<0-255> Enter protocol number (0 - 255)
ah
eigrp
esp
gre
icmp
icmp6
igmp
igrp
ip
ipinip
ipsec
nos
ospf
pcp
pim
pptp
sctp
snp
tcp
udp
myASA(config-protocol-object-group)# protocol-object
You can see protocol groups include various mechanisms including icmp, gre, eigrp, ipsec, ip, and so on.
Now if you use the service option, you can define a mixed group of services. It is somewhat more powerful than the protocol keyword. Indeed Cisco recommends you use the service option rather than the protocol option.
Take a look at this command reference for more information:
I hope this has been helpful!
Laz