The following does not help:
ASA# sho run object-g | in 1433
port-object eq 1433
service-object tcp eq 1433
port-object eq 1433
ASA# sho run object-g service | in 1433
port-object eq 1433
service-object tcp eq 1433
ASA# sho run object-g | be 1433
port-object eq 1433
ASA# sho run object-g | grep 1433
port-object eq 1433
service-object tcp eq 1433
port-object eq 1433
Hello,
Try this one:
sh run object service in-line | i 1433
Best Regards,
Eugene
ASA# sho run object-g service in-line | in 1433
^
ERROR: % Invalid input detected at '^' marker.
ASA#
Hello,
With the command I specified you can find an object which contains a service:
sh run object service in-line | i 1433
Finding an object-group which contains 1433 will be easier in ASDM.
I attached a screenshot.
I issued the command and the firewall pointed to an error after the word service, meaning "in-line" is not one of the commands it expects after the word "service".
So what is the ASA version? The answer for object-group is ASDM.
Best Regards,
Eugene
Here's the command to find the object group name a port is in:
ASAXXX# show run object-group | in object-group | time-exceeded
object-group icmp-type ICMP_SVCS
icmp-object time-exceeded
Now you can find what else is in that object group:
ASAXXX# sho run object-group id ICMP_SVCS
object-group icmp-type ICMP_SVCS
icmp-object echo-reply
icmp-object unreachable
icmp-object echo
icmp-object time-exceeded
icmp-object traceroute
and the access-list that object group is being used in:
ASAXXX# sho access-list | in ICMP_SVCS
access-list Access_List_Name line 5 extended permit icmp object-group ABCD object-group WXYZ object-group ICMP_SVCS
So if you know a port number, you can quickly find out what object group and what access list is allowing that port.
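The same port-to-group-to-ACL lookup can be run offline against a saved copy of the configuration. The following is an added example, not code from any poster in this thread; it assumes `show running-config` output in which object-group members are indented under their header, and every group and access-list name in the sample is constructed. It goes slightly beyond the CLI filter above by matching the port as a whole token (so 14330 is not reported for 1433) and by following nested `group-object` references.

```python
import re

# Constructed sample of saved "show running-config" output; all names are made up.
SAMPLE_CONFIG = """\
object-group service SQL_PORTS tcp
 port-object eq 1433
object-group service DB_SVCS
 service-object tcp eq 1433
object-group service APP_PORTS tcp
 group-object SQL_PORTS
object-group service WEB_PORTS tcp
 port-object eq 14330
access-list OUTSIDE_IN extended permit tcp any object-group DB_HOSTS object-group APP_PORTS
access-list OUTSIDE_IN extended permit tcp any any object-group WEB_PORTS
access-list INSIDE_OUT extended permit object-group DB_SVCS any any
"""

def parse_groups(config):
    """Map each object-group name to its indented member lines (as token lists)."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r"object-group\s+\S+\s+(\S+)", line)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.split())
        else:
            current = None  # any other top-level line ends the group
    return groups

def covers(tokens, port):
    """True if a port-object/service-object line names the port exactly after 'eq'."""
    return (tokens[:1] in (["port-object"], ["service-object"])
            and "eq" in tokens[:-1] and tokens[tokens.index("eq") + 1] == port)

def groups_with_port(groups, port):
    """Groups that contain the port directly or through a nested group-object."""
    hits = {n for n, body in groups.items() if any(covers(t, port) for t in body)}
    while True:
        parents = {n for n, body in groups.items()
                   if any(t[:1] == ["group-object"] and t[-1] in hits for t in body)}
        if parents <= hits:
            return hits
        hits |= parents

def acls_using(config, names):
    """access-list lines that reference any of the given object-groups."""
    return [l for l in config.splitlines() if l.startswith("access-list ")
            and any(a == "object-group" and b in names for a, b in zip(l.split(), l.split()[1:]))]
```

Ports written by name (for example `eq www`) or covered only by a `range` entry are not matched by this sketch and would still need a manual check.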