How to find which "object-group" a certain "network-object" belongs to?

Unanswered Question
Sep 22nd, 2010

Let's say I want to find which access-list is using IP address 10.10.10.10.


I start the search by issuing sh run | i 10.10.10.10

ASA5520# sh run | i 10.10.10.10
name 10.10.10.10 net-ABC


Then I found that IP address 10.10.10.10 is mapped to net-ABC.

I run sh run | i net-ABC command to find which access-list is using it and I got this output.

ASA5520# sh run | i net-ABC
name 10.10.10.10 net-ABC
network-object net-ABC 255.255.255.248

Is there any command to find which object-group network-object net-ABC belongs to?


Yes, I can find this by using the command sh run object-group. This command is very useful if there are not many object-groups. However, it's hard to filter if there are a lot of object-groups in the firewall.

ASA5520# sh run object-group
object-group network net-XYZ
network-object net-ABC 255.255.255.248
network-object net-DEF 255.255.255.248

Thanks in advance

Nagaraja Thanthry Wed, 09/22/2010 - 05:44
Cisco Employee

Hello,


You can try the following:


Turn off the "names" feature so all names are converted to IP addresses in the configuration:


"no names"


show access-list | i 10.10.10.10


show run | i 10.10.10.10


show run object-group | be 10.10.10.10


Once you are done finding the information, turn the names back on:


"names"


Hope this helps.


Regards,


NT
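
An added example, not part of the original thread: the same lookup done offline on a saved copy of the running-config text, so nothing is changed on the firewall. It resolves the `name` alias, follows nested `group-object` references, and lists the access-lists that end up using the address. The sample config is constructed, `find_usage` is a hypothetical helper, and matching is on exact name/address tokens only (no subnet containment).

```python
from collections import defaultdict

# Constructed sample, not a real device. net-ABC, net-DEF and net-XYZ come from
# the thread; the other groups and both access-list lines are assumptions.
SAMPLE = """\
name 10.10.10.10 net-ABC
object-group network net-XYZ
 network-object net-ABC 255.255.255.248
 network-object net-DEF 255.255.255.248
object-group network all-servers
 group-object net-XYZ
object-group network unrelated
 network-object host 192.0.2.5
access-list outside_in extended permit tcp any object-group all-servers eq 443
access-list mgmt_in extended permit tcp any host 192.0.2.5 eq 22
"""

def find_usage(config, target):
    """Return (object-groups containing target, access-lists that reference it)."""
    names, acl_lines, group = {}, [], None
    members, children = defaultdict(set), defaultdict(set)
    for line in filter(str.strip, config.splitlines()):
        tok = line.split()
        if tok[0] == "object-group" and len(tok) >= 3:
            group = tok[2]
        elif line[0] == " " and group:  # indented line inside the current group
            if tok[0] == "network-object" and len(tok) >= 3:
                members[group].add(tok[2] if tok[1] == "host" else tok[1])
            elif tok[0] == "group-object" and len(tok) >= 2:
                children[group].add(tok[1])
        else:
            group = None
            if tok[0] == "name" and len(tok) >= 3:
                names[tok[1]] = tok[2]
            elif tok[0] == "access-list":
                acl_lines.append(tok)
    # The target may be given as an address or as its "name" alias.
    aliases = {target} | {x for pair in names.items() if target in pair for x in pair}
    hits = {g for g, m in members.items() if m & aliases}
    while True:  # add parent groups that nest an already matching group
        parents = {g for g, kids in children.items() if kids & hits} - hits
        if not parents:
            break
        hits |= parents
    acls = {t[1] for t in acl_lines if aliases & set(t) or any(
        a == "object-group" and b in hits for a, b in zip(t, t[1:]))}
    return sorted(hits), sorted(acls)
```

For the sample, `find_usage(SAMPLE, "10.10.10.10")` reports both `net-XYZ` and the parent group `all-servers`, which a plain `include` filter on the address would not show.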
