07-04-2011 08:12 AM - edited 03-11-2019 01:54 PM
Hi there,
After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule; this is only visible through the ASDM. When using the CLI you can't see this duplicate rule.
I therefore get the following warning every time I make a config change using the ASDM -
[WARNING] access-list acl_in line 8 extended deny udp any any eq snmp
<acl_in> found duplicate element
If I delete this rule it returns every time I launch the ASDM!
Is this a bug?
I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.
Cheers
Tim
07-04-2011 10:12 AM
The public servers you see is to be expected.
http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/public_servers.html
As far as the ACL duplication, I have not run into it yet. I have to try this out in the lab to see if this is some new defect.
Make sure the CLI and ASDM are synced and make sure not to make any changes via CLI while launching or using ASDM. Hit the refresh button and then see if the duplicate ACLs show.
-KS
07-05-2011 06:58 AM
Thanks for your response. I have tried downgrading to ASDM 6.4(3) and I don't get the duplicate ACL; as soon as I upgrade to 6.4(5) it comes back.
I have tried deleting the duplicate rule using the ASDM. When I hit apply I get the message "no changes made"; it disappears but then returns when I hit refresh. If I delete the rule using the CLI it doesn't show up in the ASDM.
Cheers
Tim
07-05-2011 07:26 AM
Hi Tim,
I am a bit interested in what kind of ACLs these are: are they simple interface ACLs or ACLs used for policy NAT? Could you just send a screenshot of the ASDM page?
Thanks,
Varun
07-05-2011 08:03 AM
It's just some simple ACLs blocking some types of UDP traffic. Lines 1 & 5 are duplicated.
07-14-2011 09:16 AM
Hi Tim,
I would suggest looking into this by opening a case with TAC. Certainly looks like something wrong here.
Regards,
prapanch
02-29-2012 02:10 AM
Hi Tim,
I ran into exactly the same problem, and it seems that there is an ASDM bug with snmp/snmptrap rules.
If you create the same rule with IPs/networks or an object it works; if you create a snmp/snmptrap rule with any as source or destination it shows the duplicate.
Regards
11-02-2012 01:40 AM
It's resolved with 6.5.1 (on the ASA-SM), but now ASDM ignores subnet masks within network objects ...
11-01-2012 02:50 PM
I have encountered the same issues with ASA code 82.(5) and ASDM version 6.4(5). Has anyone resolved the issue with a new version of ASDM, such as 7.0.2?