
ASA 5520 - 8.4(2) ASDM 6.4(5)

Tim Davies
Level 1

Hi there,

After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule; this is only visible through the ASDM. When using the CLI you can't see this duplicate rule.

I therefore get the following warning every time I make a config change using the ASDM:

[WARNING] access-list acl_in line 8 extended deny udp any any eq snmp

  <acl_in> found duplicate element

If I delete this rule it returns every time I launch the ASDM!

Is this a bug?

I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.

Cheers

Tim

8 Replies

Kureli Sankar
Cisco Employee

The public servers you see are to be expected.

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/public_servers.html

As far as the ACL duplication, I have not run into it yet. I have to try this out in the lab to see if this is some new defect.

Make sure the CLI and ASDM are synced and make sure not to make any changes via CLI while launching or using ASDM. Hit the refresh button and then see if the duplicate ACLs show.

-KS

Thanks for your response. I have tried downgrading to ASDM 6.4(3) and I don't get the duplicate ACL; as soon as I upgrade to 6.4(5) it comes back.

I have tried deleting the duplicate rule using the ASDM. When I hit apply I get the message "no changes made"; it disappears but then returns when I hit refresh. If I delete the rule using the CLI it doesn't show up in the ASDM.

Cheers
Tim

Hi Tim,

I am a bit interested in what kind of ACLs these are: are they simple interface ACLs or ACLs used for policy NAT? Could you just send a screenshot of the ASDM page?

Thanks,

Varun

Thanks,
Varun Rao

It's just some simple ACLs blocking some types of UDP traffic; lines 1 & 5 are duplicated.

Hi Tim,

I would suggest looking into this by opening a case with TAC. Certainly looks like something wrong here.

Regards,

prapanch

Hi Tim,

I ran into exactly the same problem, and it seems that there is an ASDM bug with snmp/snmptrap rules.

If you create the same rule with IPs/networks or objects it works; if you create an snmp/snmptrap rule with any as source or destination it shows the duplicate.

Regards

It's resolved with 6.5.1 (on the ASA-SM), but now ASDM ignores subnet masks within network objects ...

Razmeth
Level 1

I have encountered the same issues with ASA code 82.(5) and ASDM version 6.4(5). Has anyone resolved the issue with a new version of ASDM, such as 7.0.2?
