Cisco Support Community
Community Member

"name feature" on ASA5550 version 8.4(2)

I have upgraded ASA5550 version from 7.2(4) to 8.4(2).

On version 7, I am used to "names" command, like this:

names

name 107.25.1.10 Picard

name 107.25.2.20 Administrativa

In addition, when configuring ACLs it was very useful, for example:

access-list inside_access_out line 15 extended permit udp host Picard host 107.25.4.61 eq snmp

On version 8, I have verified that names replacement is no longer available:

ASA(config)# access-list outside_access_in permit ip host ?

configure mode commands/options:

  A.B.C.D  Source host IP address

Is that true?

1 ACCEPTED SOLUTION

Accepted Solutions
Red

Hi Rosa,

In version 8.3 or later, there is a new concept of host-based objects being used to reference singular objects by their names. So you might need to try:

object network  Picard

  host 107.25.1.10

access-list inside_access_out line 15 extended permit udp Picard host 107.25.4.61 eq snmp

I just checked it on my lab device and that's how you would need to do it.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
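
A sketch of carrying `name` entries over to the network objects described in the answer above, as an added example that is not part of the original thread and not Cisco's code: it reads constructed 7.x-style lines, emits an `object network` definition for each name an ACL uses, rewrites `host <name>` to `object <name>`, and reports names an ACL uses but nobody defined. The `object` keyword in the ACL lines is an assumption taken from the 8.3+ ACL syntax (the line posted in the thread omits it); the function `convert`, the second and third ACL lines and the name `Unknown` are made up for illustration.

```python
import re

# Constructed 7.x-style input: names, addresses and the first ACL line come
# from the thread; the last two ACL lines are made up for illustration.
SAMPLE_CONFIG = """\
names
name 107.25.1.10 Picard
name 107.25.2.20 Administrativa
access-list inside_access_out line 15 extended permit udp host Picard host 107.25.4.61 eq snmp
access-list inside_access_out extended permit tcp host Administrativa host Picard eq ssh
access-list inside_access_out extended permit ip host Unknown any
"""

NAME_RE = re.compile(r"^name\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
HOST_RE = re.compile(r"\bhost\s+(\S+)")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def convert(config):
    """Return (object definitions, rewritten ACL lines, undefined names)."""
    names, acls = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = NAME_RE.match(line)
        if m:
            names[m.group(2)] = m.group(1)      # alias -> address
        elif line.startswith("access-list "):
            acls.append(line)
    used, undefined = [], []

    def swap(match):
        token = match.group(1)
        if IPV4_RE.match(token):
            return match.group(0)               # literal address stays as typed
        if token in names:
            if token not in used:
                used.append(token)
            return "object " + token            # assumed 8.3+ ACL object reference
        if token not in undefined:
            undefined.append(token)             # ACL uses a name nobody defined
        return match.group(0)

    rewritten = [HOST_RE.sub(swap, acl) for acl in acls]
    objects = []
    for alias in used:
        objects += ["object network " + alias, " host " + names[alias]]
    return objects, rewritten, undefined

if __name__ == "__main__":
    for part in convert(SAMPLE_CONFIG):
        print("\n".join(part), end="\n\n")
```

Review the undefined list before pasting anything into a device: an ACL entry that still says `host <name>` with no matching definition needs a decision, not an automatic rewrite.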
5 REPLIES
Red

Hi Rosa,

The names command is still there in version 8.4; you would first need to enable the names command on the device, and then you should get the prompt for it.

names

Here's the 8.4 command reference:

http://www.cisco.com/en/US/customer/docs/security/asa/asa84/command/reference/no.html#wp1812279

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
Community Member

Varun, I was not clear.

I can still use the names command. Version 8 accepts name definitions.

What I am not able to do is to write ACLs using these name definitions.

On version 8, I have verified that names replacement is no longer available:

ASA(config)#  conf t

ASA(config)# access-list outside_access_in permit ip host ?

configure mode commands/options:

A.B.C.D  Source host IP address    <------   you see ? only host IP address

Community Member

Varun, thanks a lot.

That is what I am looking for.

Regards,

Rosa

Community Member

Hi Varun,

Thinking a little bit more about what you said, can I ask you something else?

You said:

"Names command is still there in the version 8.4, you would first need to enable the names command on the device and then you should get the prompt for it.

names"

I did and I was not successful.

Then, following your suggestion, I tried:

"object network  Picard

  host 107.25.1.10

access-list inside_access_out line 15 extended permit udp Picard host 107.25.4.61 eq snmp"

... and I got real results.

So, that is the question:

What is the real use for the name command? (Why is it still there?)

Thanks,

Rosa
