KB ID 0001043 Dtd 08/03/16
My colleague loves the ASDM; I put up with it and prefer the command line. We were troubleshooting a problem the other day and he said, “There, this is why I prefer the ASDM, just ‘hover’ over an object-group and it will show you the contents of it.”
Now if (like my test firewall above) you only have a few hosts, then I don’t see the point, but if you have a very complicated config with hundreds of object-groups and thousands of hosts, even troubleshooting why host ‘x’ can’t get to server ‘y’ on port ‘z’ can be a painstaking process.
So I dropped to CLI and tried to do the same;
Petes-ASA(config)# show object-group Obj-ALL-PROD-DMZ
                                     ^
ERROR: % Invalid input detected at '^' marker.
Petes-ASA(config)# show object-group network Obj-ALL-PROD-DMZs
                                             ^
ERROR: % Invalid input detected at '^' marker.
View Contents of an Object Group
Turns out you need to use the ‘id’ parameter, or it won’t work;
Petes-ASA(config)# show object-group id Obj-ALL-PROD-DMZs
object-group network Obj-ALL-PROD-DMZs
 network-object 192.168.110.0 255.255.255.0
 network-object 192.168.121.0 255.255.255.0
 network-object 192.168.130.0 255.255.255.0
 network-object 192.168.141.0 255.255.255.0
 network-object 192.168.140.0 255.255.255.0
 network-object 192.168.210.0 255.255.255.0
 network-object 192.168.220.0 255.255.255.0
Petes-ASA(config)#
I’ve been using that a lot this week.
View Contents of an Object
If you try to do the same thing for an object, you will get nothing; you need to add the run keyword as follows;
Won't Work!

Petes-ASA# show object id Internal_RDP_Server
object-group Internal_RDP_Server does not exist
Petes-ASA#

Use 'run'

Petes-ASA# show run object id Internal_RDP_Server
object network Internal_RDP_Server
 host 192.168.100.10
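When there are hundreds of groups, the captured output of the two commands above can be searched offline to answer "which objects contain host x?". The following is an added example, not part of the original article; the function names parse_objects and groups_containing are hypothetical, and the sample text is the output shown above pasted into a string.

```python
import ipaddress

# Constructed sample: the command output shown above, saved as text.
SAMPLE = """\
Petes-ASA(config)# show object-group id Obj-ALL-PROD-DMZs
object-group network Obj-ALL-PROD-DMZs
 network-object 192.168.110.0 255.255.255.0
 network-object 192.168.121.0 255.255.255.0
 network-object 192.168.130.0 255.255.255.0
 network-object 192.168.141.0 255.255.255.0
 network-object 192.168.140.0 255.255.255.0
 network-object 192.168.210.0 255.255.255.0
 network-object 192.168.220.0 255.255.255.0
Petes-ASA# show run object id Internal_RDP_Server
object network Internal_RDP_Server
 host 192.168.100.10
"""

def parse_objects(text):
    """Map each network object / object-group name to its list of networks."""
    objects, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 3 and tok[:2] in (["object-group", "network"], ["object", "network"]):
            current = objects.setdefault(tok[2], [])
        elif current is None or not tok:
            continue  # prompts, errors and blank lines
        elif tok[0] in ("network-object", "subnet") and len(tok) == 3:
            if tok[1] == "host":  # network-object host a.b.c.d
                current.append(ipaddress.ip_network(tok[2] + "/32"))
            elif tok[1] != "object":  # address followed by dotted mask
                current.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
        elif tok[0] == "host" and len(tok) == 2:
            current.append(ipaddress.ip_network(tok[1] + "/32"))
        # Nested references (group-object, network-object object) are not resolved.
    return objects

def groups_containing(objects, host):
    """Return the sorted names of every object or group that covers the host."""
    addr = ipaddress.ip_address(host)
    return sorted(name for name, nets in objects.items()
                  if any(addr in net for net in nets))

if __name__ == "__main__":
    objs = parse_objects(SAMPLE)
    for ip in ("192.168.141.25", "192.168.100.10", "192.168.120.5"):
        print(ip, "->", groups_containing(objs, ip) or "no match")
```

An address that matches nothing (192.168.120.5 in this sample) is often the answer to why a rule does not apply to that host.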
Related Articles, References, Credits, or External Links
Original article written 25/03/15