searching destination via ASDM, how with 8.3+??

DannyHuston
Level 1

When using ASDM with 8.2 and older code it was easy to search all ACLs based on destination IP by using the filter.  With 8.3 and newer code (I'm testing 9.1) this is no longer the case since ACLs now use real IP.  Is there any way to search for the NAT-ed/public IP in destination?

1 Accepted Solution


Jouni Forss
VIP Alumni

Hi,

Though I rarely use ASDM, I would imagine that you simply cannot do any kind of search that would tell you the public IP address, as it's not referenced in the ACL rules because of the change you mention.

Then again I think you might have one option.

If you previously had Static NAT configuration and could use the public IP address to find the ACL rules for that specific IP, then you could consider renaming/naming your Static NAT objects to use the public IP address in them.

For example you might currently have

    object network STATIC
     host 10.10.10.10
     nat (inside,outside) static 1.2.3.4

Where the IP 1.2.3.4 is for example the public IP address

Now if you rename the object to something like this

    object network STATIC-1.2.3.4
     host 10.10.10.10
     nat (inside,outside) static 1.2.3.4

Then you could still do searches using the public IP address.

You should be able to rename the "object network " without affecting the NAT configuration.

On the CLI it's done with the command "object network rename "

Change for my example NAT object would be done with

    object network STATIC rename STATIC-1.2.3.4

Hope this helps

- Jouni

I guess the ASDM can't use the object name as a parameter of search. Or I am just doing it wrong.

On the CLI this is easily done though.

    show access-list | inc 1.2.3.4

- Jouni

Actually that makes more sense.  Currently I'm doing obj-name where name is the private internal IP, but it makes more sense that the firewall in particular I'm looking at only filters inbound from internet rules, so I'm more interested in public IP when looking at rules.  I think I will just rename.
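The same lookup can be done offline against a saved configuration. The script below is an added example, not part of the original thread: it maps each static-NAT object to its public IP, generates rename commands in the form given in the accepted answer, and lists the ACL lines that apply to a given public IP. The sample configuration, object names and function names are constructed for illustration.

```python
import re

# Constructed sample config (8.3+ syntax); names and addresses are made up.
SAMPLE_CONFIG = """\
object network STATIC
 host 10.10.10.10
 nat (inside,outside) static 1.2.3.4
object network MAIL
 host 10.10.10.25
 nat (dmz,outside) static 1.2.3.5
object network INSIDE-NET
 subnet 10.10.10.0 255.255.255.0
access-list OUTSIDE-IN extended permit tcp any object STATIC eq 443
access-list OUTSIDE-IN extended permit tcp any object MAIL eq 25
access-list OUTSIDE-IN extended permit tcp any host 10.10.10.10 eq 22
"""

def parse_static_nat(config):
    """Return {object name: {'real': ip, 'mapped': ip}} for host objects with static NAT."""
    objs, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)$", line):
            # setdefault: the running config may list the same object twice
            current = objs.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # left the object block
        elif current is not None:
            if m := re.match(r"\s+host (\S+)$", line):
                current["real"] = m.group(1)
            elif m := re.match(r"\s+nat \(\S+\) static (\d+\.\d+\.\d+\.\d+)", line):
                current["mapped"] = m.group(1)  # literal IPs only, not 'interface'
    return {n: o for n, o in objs.items() if "real" in o and "mapped" in o}

def rename_commands(objs):
    """Rename commands that append the public IP to names that lack it."""
    return [f"object network {n} rename {n}-{o['mapped']}"
            for n, o in objs.items() if o["mapped"] not in n]

def acl_lines_for_public_ip(config, public_ip):
    """ACL lines that reference the object, or the real host IP, behind public_ip."""
    wanted = set()
    for name, o in parse_static_nat(config).items():
        if o["mapped"] == public_ip:
            wanted |= {("object", name), ("host", o["real"])}
    return [l for l in config.splitlines() if l.startswith("access-list ")
            and wanted & set(zip(l.split(), l.split()[1:]))]

if __name__ == "__main__":
    print("\n".join(rename_commands(parse_static_nat(SAMPLE_CONFIG))))
    print("\n".join(acl_lines_for_public_ip(SAMPLE_CONFIG, "1.2.3.4")))
```

Matching on whole tokens rather than substrings keeps `host 10.10.10.10` from also matching an address such as 10.10.10.100.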
