ASA duplicate IP in Object-Groups
I have various ASA models in the network, and various engineers work on them to create different ACLs, objects and object-groups. This becomes an overhead of too many objects and object-groups with duplicate IPs.
So I have used the Python script below to extract the information from the config.
show run (download the ASA config to a Linux host and run the Python file below)
find_duplicate_ips.py (content below):
import re
from collections import defaultdict

# Replace with your ASA config file path
with open('asa_config.txt') as f:
    asa_config = f.read()

# Find all object-group network blocks. A block starts at column 0 and ends
# at the next top-level (non-indented) line, so the word "object-group" inside
# a description or an access-list line does not cut a block short.
og_pattern = re.compile(r'^(object-group network .+?)(?=^\S|\Z)', re.DOTALL | re.MULTILINE)
ip_pattern = re.compile(r'network-object host ([\d.]+)')

# Maps each host IP to the list of object-groups that contain it
ip_to_groups = defaultdict(list)

for block in og_pattern.findall(asa_config):
    # Extract group name
    group_match = re.search(r'object-group network (\S+)', block)
    if not group_match:
        continue
    group_name = group_match.group(1)
    # Find IP entries
    for ip in ip_pattern.findall(block):
        ip_to_groups[ip].append(group_name)

# Report duplicate IPs used in multiple object-groups
for ip, groups in ip_to_groups.items():
    if len(groups) > 1:
        print(f'Duplicate IP {ip} is in object-groups: {groups}')
python3 -m pdb find_duplicate_ips.py
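The script above only compares "network-object host" entries. The following added example (not part of the original script) goes a step further: it also parses subnet entries and reports hosts that are already covered by a subnet in another object-group. The sample config, group names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config for illustration (not from a real device).
SAMPLE_CONFIG = """\
object-group network WEB_SERVERS
 network-object host 10.1.1.10
object-group network DMZ_NETS
 network-object 10.1.1.0 255.255.255.0
 network-object host 192.0.2.5
object-group network LEGACY
 network-object host 10.1.1.10
 network-object host 192.0.2.5
 network-object object SOME_OBJECT
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS eq 443
"""

def parse_groups(config):
    """Return {group name: set of ip_network} for 'object-group network' blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):  # any top-level command closes the block
            current = words[2] if words[:2] == ["object-group", "network"] and len(words) > 2 else None
        elif current and len(words) >= 2 and words[0] == "network-object":
            spec = words[-1] if words[1] == "host" else "/".join(words[1:3])
            try:  # accepts "host A.B.C.D", "A.B.C.D MASK" and IPv6 prefixes
                groups.setdefault(current, set()).add(ipaddress.ip_network(spec, strict=False))
            except ValueError:  # e.g. "network-object object NAME", not resolved here
                pass
    return groups

def find_overlaps(groups):
    """Return sorted (entry, kind, group, other_group) tuples across groups."""
    entries = [(net, name) for name, nets in groups.items() for net in nets]
    findings = set()
    for i, (a, grp_a) in enumerate(entries):
        for b, grp_b in entries[i + 1:]:
            if grp_a == grp_b or a.version != b.version:
                continue
            if a == b:
                findings.add((str(a), "duplicate", *sorted((grp_a, grp_b))))
            elif a.subnet_of(b):
                findings.add((str(a), "covered", grp_a, grp_b))
            elif b.subnet_of(a):
                findings.add((str(b), "covered", grp_b, grp_a))
    return sorted(findings)

if __name__ == "__main__":
    print(*find_overlaps(parse_groups(SAMPLE_CONFIG)), sep="\n")
```

In a "covered" finding the last field is the group holding the wider subnet. Entries of the form "network-object object NAME" are skipped because resolving them needs the referenced object definitions.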
Happy Labbbbingggggggggggggggggggggg!