How to find certain "network-object" belong to which "object-group"?

Adam David · ‎09-22-2010

Let say I want to find which access-list is using ip address 10.10.10.10

I start the searching by issue sh run | i 10.10.10.10

ASA5520# sh run | i 10.10.10.10
name 10.10.10.10 net-ABC

Then I found ip address 10.10.10.10 is mapped to net-ABC

I run sh run | i net-ABC command to find which access-list is using it and I got this output.

ASA5520# sh run | i net-ABC
name 10.10.10.10 net-ABC
 network-object net-ABC 255.255.255.248

Is there any command to filter network-object net-ABC belong to any object-group?

Yes, I can find this by using command sh run object-group. This command is very useful if there are not many object-group. However, it's hard to filter if there are a lot of object-group in the firewall.

ASA5520# sh run object-group
object-group network net-XYZ                                                                                                       
 network-object net-ABC 255.255.255.248                                                                                             
 network-object net-DEF 255.255.255.248

Thanks in advance

Nagaraja Thanthry · ‎09-22-2010

Hello,

You can try the following:

Turn off the "names" feature so all names are converted to IP addresses in the configuration:

"no names"

show access-list | i 10.10.10.10

show run | i 10.10.10.10

show run object-group | be 10.10.10.10

Once you are done with finding the information, turn on the names

"names"

Hope this helps.

Regards,

NT