Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
360
Views
6
Helpful
4
Replies

Server names change in ASA

mahesh18
Level 6
Level 6

‎10-07-2013 07:26 AM - edited ‎03-11-2019 07:48 PM

Hi everyone,

Server team is changing names of all the servers as part of standard naming process.

IP will reamin the same

We have ACL in the firewall and some use server IP and some use server name.

Fw config has

name 192.16.x.x server1

network-object host server2

Need to confirm if i change the name of server under

name 192.168.x.x newservername

will all the rules in fw should be ok?

Regards

Mahesh

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎10-07-2013 08:01 AM

Hi Mahesh,

The configuration "name" gives you the chance to refer to an IP address / Network address in the configuration with a name rather than the IP address.

If you change the "name" configurations then this wont remove anything essential in the current configurations. For example if you have an "object-group network" which contains "network-object host " currently and you remove the "name" command corresponding to the then the "network-object host" line will stay there with the IP address instead of the name.

Heres an example from my home firewall

I create an "object-group"

object-group network NAMES

network-object host 1.1.1.1

network-object host 2.2.2.2

network-object host 3.3.3.3

I configure "name" configurations

name 1.1.1.1 NUMBER-ONE

name 2.2.2.2 NUMBER-TWO

name 3.3.3.3 NUMBER-THREE

I view the "object-group" configuration

ASA(config)# sh run object-group id NAMES

object-group network NAMES

network-object host NUMBER-ONE

network-object host NUMBER-TWO

network-object host NUMBER-THREE

I remove ALL the name configurations (you SHOULD NOT probably use this command as it removes all the "name" configurations)

clear configure name

I view the "object-group" configuration again

ASA(config)# sh run object-group id NAMES

object-group network NAMES

network-object host 1.1.1.1

network-object host 2.2.2.2

network-object host 3.3.3.3

So as you can see, only the presentation of the "object-group" configurations changes. Not the actual content which are the actual IP addresses specified in the "network-object" command.

It seems to me that you will have to remove the existing "name" configuration for an IP address before you can apply a new name. It seems that there is no command to rename it though I guess there really is no need for it as the "name" configurations isnt a critical part of the configurations and doesnt really affect anything (to my understanding).

While I can see "name" configurations uses I dont personally use it at all. Its one of the first things I disable on the firewall

- Jouni

mahesh18
Level 6
Level 6
In response to Jouni Forss

‎10-07-2013 02:44 PM

Hi Jouni,

Many thanks for reply back.

Seems i can not mark this question as correct as there is no field for correct answer

Regards

Mahesh

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to mahesh18

‎10-07-2013 02:47 PM

Hi Mahesh,

It seems to me that you have set this as a discussion and not an actual question. I mean your original post. As its not set as a question that means no reply in the discussion can be a correct reply.

You can however rate a reply that is helpfull.

The Correct Answer is the same as giving an answer/reply a 5 star rating at the bottom of the reply by hovering the mouse pointer over the amount of stars and clicking when its show the correct amount for your choice.

- Jouni

mahesh18
Level 6
Level 6
In response to Jouni Forss

‎10-07-2013 02:53 PM

Hi Jouni,

Its done.

Best regards

Mahesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card