
Find an indicated address in an access-list

SupportAC
Level 1

Hi,

 

We have a doubt:

 

We are trying to get all the access lists in which an IP 192.1xx.xxx.xxx appears, and we are not able to list them in ASDM or in the CLI. It seems that rules configured from ASDM appear as objects of this type (DM_INLINE_NETWORK_XXXX), to which an index number (XXXX) is assigned, so we do not see them either, and this index does not correlate with the list of applied rules.

Can we know the optimal procedure, if there is one, to obtain these records, or whether there is any architectural drawback in these teams to obtaining such data?


balaji.bandi
Hall of Fame

What does this output show?

 

show access-list | incl ip (ip)

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SupportAC
Level 1

We need to filter the segment: 10.202.X.X to 10.251.X.X

 

sh access-list | i ip 10.2 -> this command is not showing anything

 

# sh access-list | i ip 10.20*

# sh access-list | i ip 10.25*

# sh access-list | i ip 10.251.*

# sh access-list | i ip 10.251.31.20

 

-------------------------------------------------------------------------------------

 

sh access-list | i ip 10.2*

  access-list 2 line 7 extended permit ip 10.0.0.0 255.0.0.0 10.153.0.0 255.255.252.0 (hitcnt=0) 0x12624e22

  access-list 1 line 17 extended permit ip 10.128.0.0 255.255.0.0 host 10.0.32.35 (hitcnt=0) 0xeb3e3699

 

This would be a defined object, but it does not find it: sh access-list | i ip 10.251.31.20

 

The point would be to find objects/hosts within a network segment, specifically the one we add in the command. Is that possible?

 

In the original post you were looking to get the IP range of 192.X; now you are looking for a 10.X object.

 

What is the requirement? If you have a wide range of address space, you cannot find the object inside the network until you have the object created.

 

 

BB


We need to filter in the ACL in order to find where a created host should be matched.

 

sh access-list | i ip 10.251.31.20 -> This command is not showing anything

 

So is there any way to find a host and which ACL should be applying? Or only if the ACL has the same host IP?

There is another way too. I use this way more often. What you can do, if you are using PuTTY, is connect via the CLI (SSH/Telnet) to the firewall and follow this link: https://my.kualo.com/knowledgebase/?kbcat=0&article=888

Please do not forget to rate.

I don't understand what you mean by that.

Any idea how to find a host within the ACLs applied to this host?
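
An added example, not code from the thread or from Cisco: a text filter such as `| i ip 10.251.31.20` only matches entries that contain that literal string, so an entry like `10.0.0.0 255.0.0.0`, which covers the host, is never listed. The sketch below reads `show access-list` output saved as text and tests whether the address falls inside each entry's source or destination network. It assumes expanded IPv4 entries in the format quoted above; `find_matches`, `networks` and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# Lines 1-2 are the output quoted in the thread; lines 3-4 are constructed
# (an object-group header plus its expanded entry, placeholder hash values).
SAMPLE = """\
  access-list 2 line 7 extended permit ip 10.0.0.0 255.0.0.0 10.153.0.0 255.255.252.0 (hitcnt=0) 0x12624e22
  access-list 1 line 17 extended permit ip 10.128.0.0 255.255.0.0 host 10.0.32.35 (hitcnt=0) 0xeb3e3699
access-list 3 line 2 extended permit ip object-group DM_INLINE_NETWORK_1 any (hitcnt=0) 0x00000000
  access-list 3 line 2 extended permit ip 10.251.0.0 255.255.0.0 any (hitcnt=0) 0x00000000
"""

ACE = re.compile(r"^\s*access-list (\S+) line (\d+) extended (permit|deny) (.*)$")
IP = r"\d+(?:\.\d+){3}"
SPEC = re.compile(rf"\bhost ({IP})|\b({IP}) ({IP})\b|\b(any4?)\b")


def networks(rest):
    """Yield each address spec in an ACE as an IPv4Network."""
    for host, addr, mask, _any in SPEC.findall(rest):
        try:
            if host:
                yield ipaddress.ip_network(f"{host}/32")
            elif addr:
                yield ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            else:
                yield ipaddress.ip_network("0.0.0.0/0")
        except ValueError:
            continue  # a pair that is not address/mask, e.g. a "range a b" entry


def find_matches(show_output, ip):
    """Return (acl, line, action, side) for each ACE whose source or destination covers ip."""
    target = ipaddress.ip_address(ip)
    hits = []
    for text in show_output.splitlines():
        m = ACE.match(text)
        if not m or "object" in m.group(4):
            continue  # unexpanded object headers carry no addresses
        nets = list(networks(m.group(4)))
        if len(nets) != 2:
            continue  # not a plain source/destination pair; skipped
        for side, net in zip(("source", "destination"), nets):
            if target in net:
                hits.append((m.group(1), int(m.group(2)), m.group(3), side))
    return hits


if __name__ == "__main__":
    for hit in find_matches(SAMPLE, "10.251.31.20"):
        print(hit)
```

Entries whose source or destination is `any` are reported as matches, since they cover every host.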
