Solved: Re: Rename Name command in ASA

mahesh18 · ‎11-14-2013

Hi everyone,

We have name command mapped to names and IP address in the ASA.

example

name 192.168.50.1 Unix servers

Is there way i can rename the Unix servers to something else without causing outage.

I checked on ASA but could not find it.

This name command is used by the ACL in the ASA.

Regards

MAhesh

Jouni Forss · ‎11-14-2013

Hi Mahesh,

EDIT: I assume that the line above is not what is exactly on the firewall? To me it seems that there can not be a space in the name. So the "name Unix Servers" line is probably something else actually on your firewall?

The "name" command only gives a name to an IP address which will show up in the configuration instead of the IP address depending on if you have "names" or "no names" configured.

You can remove the "name" command and configure the new "name" command with the new IP address without causing any problems.

I assume this relates to the earlier discussion about changing the server IP address.

If you are not going to use the same name for the new IP address then you can already configure it now with the new IP address. If you want to use the same "name Unix Servers" then you have to remove the old "name" command and enter a new one

no name 192.168.50.1 Unix servers

name Unix servers

The only effect removing the old one will have is that some output on the firewall will start to show the IP address 192.168.50.1 instead of Unix servers

It seems also that there is a slight difference in the behaviour of this configuration depending on the software level. Seems that from 8.3 software onwards this doesnt affect "access-list" anymore. As in, the configured "name" wont replace the IP address in the ACL configurations/output

Here is one example related to the output with and without "name" configured

ASA(config)# sh run ssh

ssh 10.0.0.100 255.255.255.255 LAN

ASA(config)# name 10.0.0.100 HOST-NAME

ASA(config)# sh run name

name 10.0.0.100 HOST-NAME

ASA(config)# sh run ssh

ssh HOST-NAME 255.255.255.255 LAN

ASA(config)# no name 10.0.0.100 HOST-NAME

ASA(config)# sh run ssh

ssh 10.0.0.100 255.255.255.255 LAN

As you can see the only thing changing is how the ASA shows the IP address. Either with the "name" or without one.

- Jouni

View solution in original post

Jouni Forss · ‎11-15-2013

Hi Mahesh,

My understanding is that the "name" configuration is just a cosmetical factor in the ASA configuration. What I mean by that is that without any "name" configurations all you would see is IP addresses in the different ASA configurations.

If you add a "name" configuration then that "name" will be shown instead of the IP address (for which the "name" was configured) in the ASA configurations. According to the Command Reference there are differences between software levels on which configurations this "name" shows instead of the IP address.

Have a look at my previous example related to the "name" and "ssh" configurations.

I allowed SSH from a single host
I configured "name" for that host
I confirmed that the IP address has been replaced with the "name"
I removed the "name" configuration completely
I checked the SSH configuration again and only the IP address remained

So on the basis of the above it wouldnt seem to me that the "name" has any affect on your firewall behaviour other than cosmetical changes in the output of the configurations.

I mean if you issued "no names" command for example then the ASA would stop replacing the IP address with the "name" configurations. Then if you inserted "names" it would show all of them again.

- Jouni

View solution in original post

Jouni Forss · ‎11-14-2013

Hi Mahesh,

EDIT: I assume that the line above is not what is exactly on the firewall? To me it seems that there can not be a space in the name. So the "name Unix Servers" line is probably something else actually on your firewall?

The "name" command only gives a name to an IP address which will show up in the configuration instead of the IP address depending on if you have "names" or "no names" configured.

You can remove the "name" command and configure the new "name" command with the new IP address without causing any problems.

I assume this relates to the earlier discussion about changing the server IP address.

If you are not going to use the same name for the new IP address then you can already configure it now with the new IP address. If you want to use the same "name Unix Servers" then you have to remove the old "name" command and enter a new one

no name 192.168.50.1 Unix servers

name Unix servers

The only effect removing the old one will have is that some output on the firewall will start to show the IP address 192.168.50.1 instead of Unix servers

It seems also that there is a slight difference in the behaviour of this configuration depending on the software level. Seems that from 8.3 software onwards this doesnt affect "access-list" anymore. As in, the configured "name" wont replace the IP address in the ACL configurations/output

Here is one example related to the output with and without "name" configured

ASA(config)# sh run ssh

ssh 10.0.0.100 255.255.255.255 LAN

ASA(config)# name 10.0.0.100 HOST-NAME

ASA(config)# sh run name

name 10.0.0.100 HOST-NAME

ASA(config)# sh run ssh

ssh HOST-NAME 255.255.255.255 LAN

ASA(config)# no name 10.0.0.100 HOST-NAME

ASA(config)# sh run ssh

ssh 10.0.0.100 255.255.255.255 LAN

As you can see the only thing changing is how the ASA shows the IP address. Either with the "name" or without one.

- Jouni

mahesh18 · ‎11-14-2013

Hi Jouni,

You are correct there should not be space between name.

below is right way

name 192.168.50.1 Unix-servers

When you say --

You can remove the "name" command and configure the new "name" command with the new IP address without causing any problems.

I checked in the acl the name is used there instead of IP address .If i remove the name command will not that cause the outage?

this is what i am trying to do

current ASA has say this config

name 192.168.50.1 Unix-servers

i want this instead same IP only name will change as below

name 192.168.50.1 XYZ

Also this is not linked to previous discussion changing the IP of the server.Here i just want to rename the name to something else as compare to current config.

Reason i am doing this is that we want common or same object group and there contents across all the firewalls.

Regards

MAhesh

Message was edited by: mahesh parmar

Jouni Forss · ‎11-15-2013

Hi Mahesh,

My understanding is that the "name" configuration is just a cosmetical factor in the ASA configuration. What I mean by that is that without any "name" configurations all you would see is IP addresses in the different ASA configurations.

If you add a "name" configuration then that "name" will be shown instead of the IP address (for which the "name" was configured) in the ASA configurations. According to the Command Reference there are differences between software levels on which configurations this "name" shows instead of the IP address.

Have a look at my previous example related to the "name" and "ssh" configurations.

I allowed SSH from a single host
I configured "name" for that host
I confirmed that the IP address has been replaced with the "name"
I removed the "name" configuration completely
I checked the SSH configuration again and only the IP address remained

So on the basis of the above it wouldnt seem to me that the "name" has any affect on your firewall behaviour other than cosmetical changes in the output of the configurations.

I mean if you issued "no names" command for example then the ASA would stop replacing the IP address with the "name" configurations. Then if you inserted "names" it would show all of them again.

- Jouni

mahesh18 · ‎12-14-2013

Hi Jouni,

Was very busy at work now i understood what you said above.

Best regards

MAhesh