How to find which "object-group" a certain "network-object" belongs to?

Unanswered Question
Sep 22nd, 2010

Let's say I want to find which access-list is using IP address 10.10.10.10.

I start the search by issuing sh run | i 10.10.10.10:

ASA5520# sh run | i 10.10.10.10
name 10.10.10.10 net-ABC

Then I found that IP address 10.10.10.10 is mapped to net-ABC.

I ran the sh run | i net-ABC command to find which access-list is using it, and I got this output:

ASA5520# sh run | i net-ABC
name 10.10.10.10 net-ABC
network-object net-ABC 255.255.255.248

Is there any command to filter which object-group network-object net-ABC belongs to?

Yes, I can find this by using the command sh run object-group. This command is very useful if there are not many object-groups. However, it's hard to filter if there are a lot of object-groups in the firewall.

ASA5520# sh run object-group
object-group network net-XYZ
network-object net-ABC 255.255.255.248
network-object net-DEF 255.255.255.248

Thanks in advance

Nagaraja Thanthry Wed, 09/22/2010 - 05:44

Hello,

You can try the following:

Turn off the "names" feature so all names are converted to IP addresses in the configuration:

"no names"

show access-list | i 10.10.10.10

show run | i 10.10.10.10


show run object-group | be 10.10.10.10

Once you are done with finding the information, turn on the names

"names"

Hope this helps.

Regards,

NT
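
An offline alternative to toggling names on the firewall, added here as an example that is not part of the original thread: a Python function that reads a saved copy of the running configuration and reports the names, object-groups (including groups that nest a matching group via group-object) and access-lists that cover an IP address. The function name trace_ip and the sample configuration are constructed; the grp-PARENT group and the access-list lines are assumptions beyond what the thread shows, and "network-object object" entries and subnet matches inside ACL lines are not handled.

```python
import ipaddress
# Constructed sample in "show running-config" style (not from a real device).
SAMPLE_CONFIG = """\
name 10.10.10.10 net-ABC
name 10.20.20.20 net-DEF
object-group network net-XYZ
 network-object net-ABC 255.255.255.248
 network-object net-DEF 255.255.255.248
object-group network grp-PARENT
 group-object net-XYZ
access-list outside_in extended permit tcp any object-group grp-PARENT eq 443
access-list inside_out extended permit ip host net-DEF any
access-list dmz_in extended permit ip host net-ABC any
"""

def trace_ip(config, ip):
    """Return (names, object_groups, acl_names) that reference ip."""
    target = ipaddress.ip_address(ip)
    lines = [l for l in config.splitlines() if l.strip()]
    alias = {t[2]: t[1] for t in map(str.split, lines) if t[0] == "name" and len(t) > 2}
    names = sorted(a for a, addr in alias.items() if addr == ip)
    groups, parents, current = set(), {}, None
    for line in lines:
        t = line.split()
        if t[0] == "object-group" and len(t) > 2:
            current = t[2]
        elif not line[0].isspace():
            current = None  # left the object-group block
        elif t[0] == "group-object" and current:
            parents.setdefault(t[1], set()).add(current)  # child -> parent
        elif t[0] == "network-object" and current and len(t) == 3:
            addr, mask = (t[2], "255.255.255.255") if t[1] == "host" else t[1:]
            try:  # name + mask: 10.10.10.10/255.255.255.248 covers 10.10.10.8-15
                net = ipaddress.ip_network(f"{alias.get(addr, addr)}/{mask}", strict=False)
            except ValueError:
                continue  # e.g. "network-object object X" or an unknown name
            if target in net:
                groups.add(current)
    todo = list(groups)  # walk upward: groups that nest a matching group
    while todo:
        for parent in parents.get(todo.pop(), set()) - groups:
            groups.add(parent)
            todo.append(parent)
    acls = set()
    for t in (l.split() for l in lines if l.startswith("access-list ")):
        via_group = any(a == "object-group" and b in groups for a, b in zip(t, t[1:]))
        if via_group or ip in t or set(names) & set(t):
            acls.add(t[1])
    return names, sorted(groups), sorted(acls)
```

Because it works on a saved copy of the configuration, nothing on the firewall has to be changed to run the search.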

Posted September 22, 2010 at 5:36 AM