Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2327
Views
25
Helpful
10
Replies

Ac

Go to solution
CiscoPurpleBelt
Level 6
Level 6

‎07-01-2021 09:05 AM - edited ‎07-21-2021 01:40 PM

I just noticed that an ACL shows in ASDM fine but nowhere to be found in running-config all!

Could my NVRAM or something be bad on ASA5585?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP
In response to CiscoPurpleBelt

‎07-01-2021 01:04 PM

Cisco BlueBelt_Stripe just make sure you are running ASA code compatibility with ASDM. I have seem in past where the software ASDM was not compatible with ASA code give you strange issue/behavior. 

 

you have not mentioned what software ASA code and what ASDM you running. here on this page you can match if you are running the ASA code with is compatible with ASDM.

 

 

Could my NVRAM or something be bad on ASA5585?

 - I do not think so if this is the case you can issue "dir flash:" to check/see it.

 

If i get is right you can see the ACL entries on ASDM but when you SSH to the unit you do not see the ACL. Stupid question but have you issue the command "show run" or "show run all" or  "more system:running-config"

 

 

 

please do not forget to rate.

View solution in original post

Go to solution
Sheraz.Salim
VIP
VIP
In response to CiscoPurpleBelt

‎07-02-2021 07:57 AM

CiscoBlueBelt_Strip. l love your name

 

anyway I just look at cisco ASDM matrix here is the support version for you ASA Code.

 

ASDM.PNG

 

where as you running 7.8(1). would be good if you match according to cisco guidelines.

please do not forget to rate.

View solution in original post

10 Replies 10

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-01-2021 09:25 AM

have clicked save and apply ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to balaji.bandi

‎07-01-2021 11:32 AM

Yes, save. Etc.

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP

‎07-01-2021 10:18 AM

What is the software version you on ASA and what is the ASDM Image? Did you apply click the apply button at ASDM to push the configuration?

 

Just a site note enable command preview on ASDM.  First open up ASDM and go to Tools -> PreferencesThen on the General Tab, you’ll see under the Communications section an option titled “Preview commands before sending them to the device.” Check that little check box there and hit Okay.

 

enabling this you can take the copy of your configuration before pushing to the ASA incase if the configuration not pushed least you have the command you can either do it from SSH CLI.

 

 

please do not forget to rate.

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Sheraz.Salim

‎07-01-2021 11:38 AM

Awesome.

 

So the ACL has numerous entiies which is shown on GUI but not running config. Very strange

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to CiscoPurpleBelt

‎07-01-2021 01:04 PM

Cisco BlueBelt_Stripe just make sure you are running ASA code compatibility with ASDM. I have seem in past where the software ASDM was not compatible with ASA code give you strange issue/behavior. 

 

you have not mentioned what software ASA code and what ASDM you running. here on this page you can match if you are running the ASA code with is compatible with ASDM.

 

 

Could my NVRAM or something be bad on ASA5585?

 - I do not think so if this is the case you can issue "dir flash:" to check/see it.

 

If i get is right you can see the ACL entries on ASDM but when you SSH to the unit you do not see the ACL. Stupid question but have you issue the command "show run" or "show run all" or  "more system:running-config"

 

 

 

please do not forget to rate.

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Sheraz.Salim

‎07-02-2021 06:13 AM

ASA version 9.6(3)1

ASDM 7.8(1)

 

Yes I click apply. Actually first I did command via CLI, then that entry is only shown on Advanced>ACL manager and not under Access rules. So no other entries of the ACL (which indeed is applied otherwise lots of traffic would not work) is not shown in running config

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to CiscoPurpleBelt

‎07-02-2021 07:57 AM

CiscoBlueBelt_Strip. l love your name

 

anyway I just look at cisco ASDM matrix here is the support version for you ASA Code.

 

ASDM.PNG

 

where as you running 7.8(1). would be good if you match according to cisco guidelines.

please do not forget to rate.

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Sheraz.Salim

‎07-14-2021 07:33 AM

Hi, yes I noticed it is not matching. Upon doing more t-shooting, appears ASA does not like objects or groups. Added rules that still would not allow traffic, but only worked if just using IP instead of an object in the ACL statement. Weird. Packet-tracer would show rules should work and all, but packet captures showed traffic not moving betweeen interfaces, and montiring log would show it was being denied. Any other ideas besides matching versions?

 

Thanks. Just noticed name should be Cisco_Blue_Belt_1_stripe LOL as I promoted myself. Will be changing color soon

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎07-01-2021 02:22 PM

I have seen this issue before.  For me upgrading ASA and ASDM images solved the issue.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Marius Gunnerud

‎07-02-2021 06:10 AM

Yes what I had in mind

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card