
Welcome to Cisco Firewalls Community



Reference group got created automatically in cisco pix

Hi,

I ran into an issue with Cisco PIX.

To provide access through the PIX firewall from the outside interface to the inside interface, I created one group with the corresponding IPs, and policies were created for it at the respective interfaces. But a reference group got created automatically, referring to the original group, and it was used at the inside interface in the ACL.

asdm group port_Group outside
asdm group port_Group_ref inside reference port_Group

object-group network port_Group
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
object-group network port_Group_ref
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255

access-list inside extended permit tcp object-group port_Group_ref object-group server1 eq ftp
access-list outside extended permit tcp object-group port_Group object-group server1 eq ftp


PIX version is 7.0(4) and Device Manager version is 5.0(4).

Is this default behaviour or is there a bug with IOS, and will it create any issues?


Rgds

Ravi

Cisco Employee

Reference group got created automatically in cisco pix

It does sound like a bug, and I would recommend that you remove the extra command that was automatically created.

You are running quite an old version of code as well, maybe it is worth upgrading it.

Reference group got created automatically in cisco pix

Thanks, but can I know if any bug is listed on the Cisco site for the above behaviour? It will help me to give justification to my management to upgrade the IOS of ASDM.

Rgds

Ravi

Reference group got created automatically in cisco pix

I forgot to mention one thing. I faced the above problem when I did the configuration through ASDM.

Cisco Employee

Reference group got created automatically in cisco pix

Can't seem to find any matching bug.

However, version 7.0 is already EOL, and here is the EOL notification:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_for_cisco_pix_sec_app_v7.html

There won't be any more bug fixes for version 7.0.

Well, actually versions 7.1 and 8.0 are already all EOL, and PIX is also EOL.

It's probably time to move to an ASA firewall, which is the replacement for PIX.
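
Before removing the automatically created group as suggested in the first reply, it helps to confirm that it really duplicates the original and to see which ACL entries still point at it. The following is an added example, not part of the original thread and not Cisco tooling; the function names audit_reference_groups and uses_group are hypothetical, and the parsing assumes only the line shapes quoted in the question.

```python
from collections import defaultdict

# Constructed sample: the configuration lines quoted in the question above.
SAMPLE_CONFIG = """\
asdm group port_Group outside
asdm group port_Group_ref inside reference port_Group
object-group network port_Group
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
object-group network port_Group_ref
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
access-list inside extended permit tcp object-group port_Group_ref object-group server1 eq ftp
access-list outside extended permit tcp object-group port_Group object-group server1 eq ftp
"""

def uses_group(acl_line, name):
    """True if the ACL names exactly this object-group (token match, not substring)."""
    t = acl_line.split()
    return any(a == "object-group" and b == name for a, b in zip(t, t[1:]))

def audit_reference_groups(config_text):
    """Return one finding per 'asdm group <ref> <interface> reference <original>' line."""
    members = defaultdict(set)      # object-group name -> its network-object entries
    references, acl_lines, current = [], [], None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[:2] == ["object-group", "network"] and len(tokens) >= 3:
            current = tokens[2]
            members[current]        # register the group even if it has no members
        elif tokens[0] == "network-object" and current:
            members[current].add(tuple(tokens[1:]))
        else:
            current = None          # any other command ends the object-group block
            if tokens[:2] == ["asdm", "group"] and len(tokens) == 6 and tokens[4] == "reference":
                references.append((tokens[2], tokens[3], tokens[5]))
            elif tokens[0] == "access-list":
                acl_lines.append(raw.strip())
    return [{
        "reference_group": ref, "interface": iface, "original_group": orig,
        # Identical members mean the reference group adds no hosts of its own;
        # the listed ACL entries are the ones to review before it is removed.
        "identical_members": ref in members and members[ref] == members.get(orig),
        "acls_using_reference": [l for l in acl_lines if uses_group(l, ref)],
    } for ref, iface, orig in references]

if __name__ == "__main__":
    print(audit_reference_groups(SAMPLE_CONFIG))
```

The token comparison matters here because port_Group is a prefix of port_Group_ref, so a plain substring search would report the outside ACL's group as used by the inside ACL as well.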