Solved: Checking the IP of network object

mahesh18 · ‎05-07-2013

Hi Everyone,

I am trying to find the IP of network object.

when i ran the command --

sh run object-group network --- it shows

object-group network XYZ

network-object Cisco_1 255.255.255.0

Need to find the IP of this Cisco_1?

Thanks

Mahesh

Jouni Forss · ‎05-07-2013

Hi Mahesh,

To me it seems that "Cisco_1" is a "name" configured on the ASA itself

So its not a name of an "object" or and "object-group"

Try this command and see what it shows

show run name | inc Cisco_1

It should give you the actual IP address associated with that name. Its probably some network address since we can see from your post that there is a /24 mask associated.

Alternatively you can just use the command

show run name

And find the correct name/IP pairing from the list. Depending on the environment, there might be several of these.

If you want to disable this mapping between a "name" and an IP address you can use the following command

no names

After this if you issue the command "show run object-group XYZ" you should be able to see an IP address instead of an "Cisco_1"

Personally I NEVER map an IP address to a "name". I think it just makes troubleshooting harder. It might be fine for people that use ASDM, but I use only CLI so it doesnt do me much good

Hope this helps

- Jouni

View solution in original post

Jouni Forss · ‎05-07-2013

Hi,

Julio, I think it would not have a network mask configure under the "object-group" if it were an "object"

It would just be

object-group network XYZ

network-object object Cisco_1

- Jouni

View solution in original post

Jouni Forss · ‎05-07-2013

Hi Mahesh,

To me it seems that "Cisco_1" is a "name" configured on the ASA itself

So its not a name of an "object" or and "object-group"

Try this command and see what it shows

show run name | inc Cisco_1

It should give you the actual IP address associated with that name. Its probably some network address since we can see from your post that there is a /24 mask associated.

Alternatively you can just use the command

show run name

And find the correct name/IP pairing from the list. Depending on the environment, there might be several of these.

If you want to disable this mapping between a "name" and an IP address you can use the following command

no names

After this if you issue the command "show run object-group XYZ" you should be able to see an IP address instead of an "Cisco_1"

Personally I NEVER map an IP address to a "name". I think it just makes troubleshooting harder. It might be fine for people that use ASDM, but I use only CLI so it doesnt do me much good

Hope this helps

- Jouni

Julio Carvajal · ‎05-07-2013

Hello Jouni and Mahesh,

Actually the thing here is that he is using an object host inside an object group not a name

So just to find the IP address do the following:

Example

object-group network Julio

network-object object TEST

object network TEST

host 3.3.3.3

If we do a show run object id TEST you will get it

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Jouni Forss · ‎05-07-2013

Hi,

Julio, I think it would not have a network mask configure under the "object-group" if it were an "object"

It would just be

object-group network XYZ

network-object object Cisco_1

- Jouni

Julio Carvajal · ‎05-07-2013

You could also use:

sh run object in-line | include TEST

object network TEST host 3.3.3.3

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

mahesh18 · ‎05-07-2013

Hi Jouni & Julio,

Command sh run object id

gives message object-group does not exist.

there is no option for sh run object in-line

commands worked are

show run name | inc Cisco_1

sh run name

by running above 2 commands i can see the IP address of cisco.

Many thanks 2 both of you.

Regards

MAhesh