cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3364
Views
0
Helpful
8
Replies
Highlighted
Beginner

ASA 5520 - 8.4(2) ASDM 6.4(5)

Hi there,

After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule, this is only visable through the ASDM. When using the CLI you can't see this duplicate rule.

I therfore get the following warning everytime I make a config change using the ASDM -

[WARNING] access-list acl_in line 8 extended deny udp any any eq snmp

  <acl_in> found duplicate element

If I delete this rule it returns everytime I launch the ASDM!

Is this a bug?

I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.

Cheers

Tim

8 REPLIES 8
Highlighted
Cisco Employee

The public servers you see is to be expected.

http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/public_servers.html

As far as the ACL duplication I have not run into it yet.  I have try this out in the lab to see if this is some new defect.

Make sure the CLI and ASDM are sync-ed and make sure not to make any changes via CLI while launching or using ASDM.  Hit the refresh button and then see if the duplicate ACLs show.

-KS

Highlighted

Thanks for your response, I have tried downgrading to ASDM 6.4(3) and I don't get the duplicate ACL, as soon as I upgrade to 6.4(5) it comes back.

I have tried deleting the duplicate rule using the ASDM, when I hit apply I get the message "no changes made" it disappears but then returns when I hit refresh, if I delete the rule using the CLI it dosn't show up in the ASDM.

Cheers
Tim

Highlighted

Hi Tim,

I am a bit interested in what kind of ACL's are these, are they simple interface ACL's or ACL's used for policy nat. Could you just send a screen shot of the ASDM page???

Thanks,

Varun

Thanks,
Varun Rao
Highlighted

Its just some simple ACL's blocking some types of UDP traffic, Line 1 & 5 are duplicated.

Highlighted

Hi Tim,

I would suggest looking into this by opening a case with TAC. Certainly looks like something wrong here.

Regards,

prapanch

Highlighted

hi tim

i run into exact the same problem, and it seems, that there is a asdm bug with snmp/snmptrap rules

if you create the same rule with ips/networks or object it works, if you create a snmp/snmptrap rule with any as source or destination it shows the duplicate

regards

Highlighted

its resolved with 6.5.1 (on the asa-sm), but now asdm ignores subnet masks within network objects ...

Highlighted
Beginner

I have encountered the same issues with ASA code 82.(5) and asdm version 6.4(5).  Has anyone resolved the issue with a new version of ASDM, such as 7.0.2?

Content for Community-Ad