
ASA 5520 - 8.4(2) ASDM 6.4(5)

Tim Davies
Level 1

Hi there,

After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule; this is only visible through the ASDM. When using the CLI you can't see this duplicate rule.

I therefore get the following warning every time I make a config change using the ASDM -

[WARNING] access-list acl_in line 8 extended deny udp any any eq snmp

  <acl_in> found duplicate element

If I delete this rule it returns every time I launch the ASDM!

Is this a bug?

I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.

Cheers

Tim

8 Replies

Kureli Sankar
Cisco Employee

The public servers you see are to be expected.

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/public_servers.html

As far as the ACL duplication goes, I have not run into it yet. I have to try this out in the lab to see if this is some new defect.

Make sure the CLI and ASDM are synced and make sure not to make any changes via CLI while launching or using ASDM. Hit the refresh button and then see if the duplicate ACLs show.

-KS

Thanks for your response. I have tried downgrading to ASDM 6.4(3) and I don't get the duplicate ACL; as soon as I upgrade to 6.4(5) it comes back.

I have tried deleting the duplicate rule using the ASDM. When I hit apply I get the message "no changes made"; it disappears but then returns when I hit refresh. If I delete the rule using the CLI it doesn't show up in the ASDM.

Cheers
Tim

Hi Tim,

I am a bit interested in what kind of ACLs these are: are they simple interface ACLs or ACLs used for policy NAT? Could you just send a screenshot of the ASDM page?

Thanks,

Varun

Thanks,
Varun Rao

It's just some simple ACLs blocking some types of UDP traffic. Lines 1 & 5 are duplicated.

Hi Tim,

I would suggest looking into this by opening a case with TAC. Certainly looks like something wrong here.

Regards,

prapanch

Hi Tim,

I ran into exactly the same problem, and it seems that there is an ASDM bug with snmp/snmptrap rules.

If you create the same rule with IPs/networks or an object it works; if you create an snmp/snmptrap rule with any as source or destination it shows the duplicate.

Regards

It's resolved with 6.5.1 (on the ASA-SM), but now ASDM ignores subnet masks within network objects ...

Razmeth
Level 1

I have encountered the same issues with ASA code 82.(5) and ASDM version 6.4(5). Has anyone resolved the issue with a new version of ASDM, such as 7.0.2?
