Reference group got created automatically in Cisco PIX

   Hi,

I got into one issue with Cisco PIX.

For providing access in the PIX firewall from the outside interface to the inside interface, I have created one group with the corresponding IPs, and policies are created for the same at the respective interfaces. But a reference group got created automatically, referring to the original group, and the same was used at the inside interface in the ACL.

asdm group port_Group outside
asdm group port_Group_ref inside reference port_Group.


object-group network  port_Group

network-object 172.17.119.179 255.255.255.255

network-object 172.17.119.155 255.255.255.255

object-group network port_Group_ref
network-object 172.17.119.179 255.255.255.255

network-object 172.17.119.155 255.255.255.255


access-list inside extended permit tcp object-group port_Group_ref object-group server1 eq ftp

access-list outside extended permit tcp object-group port_Group object-group server1 eq ftp


PIX version is 7.0(4) and device manager version is 5.0(4).

Is this default behaviour, or is there any bug with IOS, and will it create any issues?


Rgds

Ravi


Jennifer Halim
Cisco Employee

It does sound like a bug, and I would recommend that you remove the extra command that was automatically created.

You are running quite an old version of code as well, maybe it is worth upgrading it.

Thanks, but can I know if any bug is listed on the Cisco site for the above behaviour? It will help me to give justification to my management to upgrade the IOS of ASDM.

Rgds

Ravi

I forgot to mention one thing. I faced the above problem when I did the configuration through ASDM.

Can't seem to find any matching bug.

However, version 7.0 is already EOL, and here is the EOL notification:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_for_cisco_pix_sec_app_v7.html

There won't be any more bug fixes for version 7.0.

Well, actually versions 7.1 and 8.0 are already EOL as well, and PIX is also EOL.

It's probably time to move to the ASA firewall, which is the replacement for PIX.
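
An added example, not part of any post in this thread and not Cisco tooling: a small Python audit that finds network object-groups with identical members, like port_Group and port_Group_ref above, and lists the access-list lines that reference each one, which is worth checking before removing the extra group. The sample configuration is constructed from the lines quoted in the thread; the server1 address is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread; the server1 address is an assumption.
SAMPLE_CONFIG = """\
object-group network port_Group
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
object-group network port_Group_ref
 network-object 172.17.119.155 255.255.255.255
 network-object 172.17.119.179 255.255.255.255
object-group network server1
 network-object 10.0.0.10 255.255.255.255
access-list inside extended permit tcp object-group port_Group_ref object-group server1 eq ftp
access-list outside extended permit tcp object-group port_Group object-group server1 eq ftp
"""

def parse_groups(config):
    """Return {group_name: frozenset of 'address mask' members}."""
    groups, current = defaultdict(set), None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"object-group\s+network\s+(\S+)$", line)
        if m:
            current = m.group(1)
            groups[current]  # register the group even if it has no members
        elif line.startswith("network-object ") and current:
            groups[current].add(" ".join(line.split()[1:]))
        elif line:
            current = None  # any other command ends the object-group block
    return {name: frozenset(members) for name, members in groups.items()}

def duplicate_groups(config):
    """Return sorted lists of group names whose member sets are identical."""
    by_members = defaultdict(list)
    for name, members in parse_groups(config).items():
        if members:
            by_members[members].append(name)
    return sorted(sorted(names) for names in by_members.values() if len(names) > 1)

def acl_references(config, group):
    """Return the access-list lines that reference exactly this object-group."""
    pat = re.compile(r"object-group\s+" + re.escape(group) + r"(\s|$)")
    return [l.strip() for l in config.splitlines()
            if l.strip().startswith("access-list ") and pat.search(l)]

if __name__ == "__main__":
    for names in duplicate_groups(SAMPLE_CONFIG):
        print({n: acl_references(SAMPLE_CONFIG, n) for n in names})
```

A duplicate group that still appears in an access-list line has to be replaced in that ACL before the group itself is removed.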
