HOW TO USE SHOW OBJECT-GROUP NETWORK AND RETURN NAME, COMMENTS OF THE OBJECT?

anderson andrade · ‎06-08-2018

Hi Anyone how a make the command show object-group network

returns the name, and comments for the object group?

like:

#show object-group network | inc 10.80.30.46

RETURNS (SAMPLE):

object-group network SERVERS

#DNS SERVERS#

network-object object 10.80.30.46

I need verify object, rules, nats, etc in almost 138 hosts, in 60 firewalls,

Thanks ahead,

#enablecisco

Florin Barhala · ‎06-11-2018

First of all I would favor ASDM over CLI as ASDM "features the feature" where used.
CLI wise:
show run nat | i IP_address
show access-list | i IP_address

show run access-group | i ACL name from above command.

Bogdan Nita · ‎06-11-2018

Hi @anderson andrade,

When looking though objects there is a nice option that lets me see the name of the object

ciscoasa# sh runn object in-line | i 10.0.0.0
object network OBJ-TEST subnet 10.0.0.0 255.0.0.0

Unfortunately for object groups that option is not available, but we can still use include for instance like this: sh run object-group | in ^object-group|<ip address>

It will show you the names of all the object-groups configured, but you should be able to get the object-group that contains a specific network.

Example:

object-group network OBJ-TEST
network-object 10.0.0.0 255.0.0.0
object-group network OBJ-TEST2
network-object 172.16.0.0 255.240.0.0
object-group network OBJ-TEST3
network-object 192.168.0.0 255.255.0.0
!
ASA-HH-Amelungstr/sec/act# sh run object-group | in ^object-group|10.0.0.0
object-group network OBJ-TEST
network-object 10.0.0.0 255.255.255.0
object-group network OBJ-TEST2
object-group network OBJ-TEST3

HTH

Bogdan

HOW TO USE SHOW OBJECT-GROUP NETWORK AND RETURN NAME, COMMENTS OF THE OBJECT?

How to view & verify object-group