07-04-2011 08:12 AM - edited 03-11-2019 01:54 PM
Hi there,
After upgrading to 8.4(2) and ASDM 6.4(5) I seem to have an extra access rule duplicating an existing rule; this is only visible through the ASDM. When using the CLI you can't see this duplicate rule.
I therefore get the following warning every time I make a config change using the ASDM -
[WARNING] access-list acl_in line 8 extended deny udp any any eq snmp
<acl_in> found duplicate element
If I delete this rule it returns every time I launch the ASDM!
Is this a bug?
I also have extra config under Firewall>Configuration>Public Servers that I didn't have before. If I delete it, again it returns.
Cheers
Tim
07-04-2011 10:12 AM
The public servers you see is to be expected.
http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/public_servers.html
As far as the ACL duplication I have not run into it yet. I have try this out in the lab to see if this is some new defect.
Make sure the CLI and ASDM are sync-ed and make sure not to make any changes via CLI while launching or using ASDM. Hit the refresh button and then see if the duplicate ACLs show.
-KS
07-05-2011 06:58 AM
Thanks for your response, I have tried downgrading to ASDM 6.4(3) and I don't get the duplicate ACL, as soon as I upgrade to 6.4(5) it comes back.
I have tried deleting the duplicate rule using the ASDM. When I hit apply I get the message "no changes made"; it disappears but then returns when I hit refresh. If I delete the rule using the CLI it doesn't show up in the ASDM.
Cheers
Tim
07-05-2011 07:26 AM
Hi Tim,
I am a bit interested in what kind of ACLs these are: are they simple interface ACLs or ACLs used for policy NAT? Could you just send a screenshot of the ASDM page?
Thanks,
Varun
07-05-2011 08:03 AM
It's just some simple ACLs blocking some types of UDP traffic. Lines 1 & 5 are duplicated.
07-14-2011 09:16 AM
Hi Tim,
I would suggest looking into this by opening a case with TAC. Certainly looks like something wrong here.
Regards,
prapanch
02-29-2012 02:10 AM
Hi Tim,
I run into exactly the same problem, and it seems that there is an ASDM bug with snmp/snmptrap rules.
If you create the same rule with IPs/networks or an object it works; if you create a snmp/snmptrap rule with any as source or destination it shows the duplicate.
Regards
11-02-2012 01:40 AM
It's resolved with 6.5.1 (on the ASA-SM), but now ASDM ignores subnet masks within network objects ...
11-01-2012 02:50 PM
I have encountered the same issues with ASA code 82.(5) and ASDM version 6.4(5). Has anyone resolved the issue with a new version of ASDM, such as 7.0.2?