ASA5505 8.4(4)1 Access-Lists created in CLI do not show in ASDM 6.4(9)

Yesterday, after some help from this very forum, I configured ASA via CLI for Static PAT and created some entries in an access-list. I will be testing that setup this evening.

However, on a quick double check of the settings on the device via ASDM I could not see the access-list settings. I searched every tab and found nothing, so I PuTTYed into the device and checked the running config. The rules I created were right there. Is this something I should expect? If so, doesn't it defeat the point of having a GUI if it does not show a complete running config?

The past few days have really impressed upon me that when it comes to Cisco go CLI or go home. Perhaps I'm judging too early.

-Thomas

1 Accepted Solution

Jouni Forss
VIP Alumni

Hi,

Probably not that helpful an answer, but I have not run into this. Though one of the main reasons has to be that I don't use ASDM to configure NAT or ACLs on the ASA at all.

I find using the CLI is more straightforward, as you can write a single command and see the whole configuration instead of browsing through all the dropdown menus and tabs of ASDM. Though I still see it as a valuable tool to make some quick changes or perhaps troubleshoot issues and monitor the device's current status.

With regards to NAT and ACL configurations, I find it's usually troublesome if people use both ASDM and CLI. ASDM generates a lot of configurations that might seem simple on the ASDM side but create overly complicated/complex configurations on the CLI side. It also seems to me that the ASDM really causes a lot of confusion about what the different fields in the configurations mean, since some configurations seen on these forums are really weird. I personally feel that when you understand the ASA on the CLI, you really understand its operation better than if you just stick to the ASDM.

On a fast glance I wasn't able to find a listed bug for ASDM that could explain this.

Are you sure you have attached the ACL to an interface? If it's not attached to an interface, it won't at least show in the Configuration -> Firewall -> Access Rules section of ASDM.

On the CLI, the command to attach an ACL to a certain interface would be

access-group <acl-name> in interface <interface-name>

I use the direction "in" since that is the most typically used.

- Jouni
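The check suggested in the answer above, written out as an added example (not part of the original thread): a short Python script that reads a saved running-config and lists access-lists that have no `access-group` binding. The sample config, the ACL names and the function names are constructed for illustration.

```python
import re

# Constructed sample of an ASA running-config (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq www
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq https
access-list TEST-ACL remark left over from testing
access-list TEST-ACL extended permit icmp any any
access-list alert-interval 300
access-group OUTSIDE-IN in interface outside
"""

# Only lines that define ACL entries; this skips global settings such as
# "access-list alert-interval" and "access-list deny-flow-max".
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended|standard|remark|webtype|ethertype)\b",
    re.M,
)
# "access-group NAME in|out interface IFNAME" or "access-group NAME global".
GROUP_RE = re.compile(
    r"^access-group\s+(\S+)\s+(?:(in|out)\s+interface\s+(\S+)|global)", re.M
)


def acl_bindings(config):
    """Map each ACL name to its list of (direction, interface) bindings."""
    bindings = {name: [] for name in ACL_RE.findall(config)}
    for name, direction, ifname in GROUP_RE.findall(config):
        # An access-group naming an undefined ACL is still recorded.
        bindings.setdefault(name, []).append((direction or "global", ifname))
    return bindings


def unbound_acls(config):
    """Return ACL names that no access-group command references."""
    return sorted(n for n, b in acl_bindings(config).items() if not b)


if __name__ == "__main__":
    for name, bound in sorted(acl_bindings(SAMPLE_CONFIG).items()):
        where = ", ".join(f"{d} {i}".strip() for d, i in bound) or "NOT BOUND"
        print(f"{name}: {where}")
```

An ACL reported as unbound is not necessarily a mistake, since access-lists can also be referenced by other features (for example VPN or class-map configuration); the script only answers whether an ACL is applied as an interface or global access rule.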

2 Replies

Thanks Jouni,

That's twice you've helped me understand in under 24 hours!