Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
908
Views
5
Helpful
5
Replies

ASA Access-list object name substitution

Go to solution
N3t W0rK3r
Level 3
Level 3

‎05-11-2011 08:17 AM - edited ‎03-11-2019 01:32 PM

I am troubleshooting a s2s vpn between an ISR871 and my ASA5520 and I suspect a problem with my crypto-maps.

Is there a way I can display an access-list on the ASA and have the object names substituted with their IP addresses?

Thanks very much.

John

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
varrao
Level 10
Level 10
In response to N3t W0rK3r

‎05-11-2011 10:34 AM

John,

I am really glad it worked for you. Yes, "no names" command is revertible, all you need to do is give the command "names" back on to the ASA, and it would show the names again.

Just for your future reference, this is the command reference link for ASA 8.2:

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/no.html#wp1769321

If you can provide me the correct software version, i can provide you the command ref for that as well.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful
5 Replies 5

Go to solution
varrao
Level 10
Level 10

‎05-11-2011 10:20 AM

Hi John,

Well if you are using names, then if you do "no names" on the firewall, it would substitute the names with the IP addresses. But if you are talking about object-group names being used in ACL, then I am afraid there is no such way, although if you do "show access-list , it would show you all the IP addresses host under the object group, so that way you can identify the IP's.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

Go to solution
N3t W0rK3r
Level 3
Level 3
In response to varrao

‎05-11-2011 10:27 AM

Hi Varun,

Thank you for your reply.... was very helpful.  Yes, I was referring to names (i.e. for hosts, and networks, etc) and not actually object-groups... sorry for the confusion.

So if I issue the "no names" command, that will blow away all the names commands in the config, correct?  I guess it's not reversible either, is it?

It would be nice to have that option when using the "show access-list" command to specify only IP addresses be displayed.

Thanks again.

John

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to N3t W0rK3r

‎05-11-2011 10:34 AM

John,

I am really glad it worked for you. Yes, "no names" command is revertible, all you need to do is give the command "names" back on to the ASA, and it would show the names again.

Just for your future reference, this is the command reference link for ASA 8.2:

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/command/reference/no.html#wp1769321

If you can provide me the correct software version, i can provide you the command ref for that as well.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
N3t W0rK3r
Level 3
Level 3
In response to varrao

‎05-11-2011 10:37 AM

OK, cool... that'll do the trick fo rme for sure!  Thanks a lot.

BTW, my version info is:

Cisco Adaptive Security Appliance Software Version 8.0(4)

Device Manager Version 6.1(5)51

Regards,
John

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card