Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
11
Helpful
12
Replies

ASDM View after OS upgrade

Philip Brown
Level 1
Level 1

‎02-11-2017 02:50 AM - edited ‎03-12-2019 01:55 AM

Hi, after recently upgrading the OS on a 5585,  running multiple security contexts, to v. 9.4(4), the viewable information presented in the access rules has changed !

The User and Security Group columns in all of the contexts have suddenly become populated.

Trustsec is not enabled but, I see that User Identitiy under the identity options has been set to enabled.

If I open a rule for editing, there is nothing to be seen in the User and Security Group fields although the ASDM view shows host and/or network objects.

There is nothing unusual to be seen in the ACL's when they are listed on the CLI either.

Any ideas ?

Thanks, Phil

3 people had this problem
Labels:
0 Helpful
12 Replies 12

MarcBrechbuehl
Level 1
Level 1

‎02-12-2017 11:19 PM

I have a similar problem on a 5555 after the OS upgrade to 9.4(4) (from 9.4(3)) and ASDM to 7.7(1) (from 7.6(2)-150):
In ASDM the views of Access Rules the User and Security Group columns suddenly have entries, in the edit window the fields are blank, and on the CLI there are no entries for User and Security Groups.

I backed out ASDM to version 7.6(2)-150 and have the correct view of User and Security Group columns again. So I assume there is a problem with ASDM version 7.7(1).

Cheers,
Katrin

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MarcBrechbuehl

‎02-13-2017 12:13 AM

I had the same experience. I believe it's a bug in ASDM 7.7(1). 

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to Marvin Rhoads

‎02-13-2017 12:26 AM

hi marvin,

i'm about to upgrade an ASA5525x and its ASDM to 7.7.1. is the bug confirmed? got a link?

also, do you advise to go for image asa943-12-smp-k8.bin or asa924-18-smp-k8.bin coz both are preferred/have stars on it? 

any major difference between the two? why a big jump on the image version?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to johnlloyd_13

‎02-13-2017 12:41 AM

No confirmation of the bugid - just three of us reporting the exact same thing. I'll open a case later this week to have TAC confirm. A current bug search doesn't show it; but I suspect it's internally known and just not public-facing yet while development identifies the root cause  

I've been going with 9.4(3-12). They are both from November 2016 and 9.4 train has a number of new features not in 9.2. They both have more or less the same security bug fixes (CVEs).   

For customers not quite as conservative I've been using the latest 9.6 interim release. I'm waiting for Cisco to denote a 9.6 release with the gold star. 

johnlloyd_13
Level 9
Level 9
In response to Marvin Rhoads

‎02-13-2017 12:53 AM

+5

thanks! will go for 9.4.3 then.

0 Helpful

Flarkus
Level 1
Level 1
In response to Marvin Rhoads

‎06-22-2017 05:55 AM

FYI - This is fixed in asdm 7.8(1)150

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Flarkus

‎06-22-2017 06:11 AM

Yes - this was documented in the ASDM 7.8 Release Notes:

http://www.cisco.com/c/en/us/td/docs/security/asdm/7_8/release/notes/rn78.html#reference_z32_grc_mz

The BugID is here:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc92151

0 Helpful

Darren Wilders
Level 1
Level 1

‎03-17-2017 04:42 AM

This still seems to be a problem with ASDM 7.7(1)150 released on the 9th March 2017.

It'll usually display the source IP in the user/group column - and if you click it, it'll change the value to "any" or to nothing or blank out part of what was there.  If you hover over it, it'll often include information from an object related to a different rule.  It's quite random.

Unfortunately, it's not always possible to downgrade to ASDM 7.6 - we're using FirePOWER Services 6.2.0 which has a minimum ASDM requirement of 7.7(1)+.

I'll probably raise a TAC request to see if they're aware of the problem - bearing in mind 7.7(1) was released on the 23rd January 2017, it seems a long time for a bug like this to not be even acknowledged.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Darren Wilders

‎03-17-2017 05:00 AM

darrenwilders  ,

Yes I am still seeing it on the new interim ASDM release as well.

The ASDM 7.7(1)+ with FirePOWER 6.2 requirement is only if you are using the ASDM-based FirePOWER management.

If you are registered to FirePOWER Management Center you can run the older ASDM version.

0 Helpful

Darren Wilders
Level 1
Level 1
In response to Marvin Rhoads

‎03-29-2017 10:02 AM

Thanks Marvin.

We have now deployed FMC for the FirePOWER module, so we no longer need ASDM for that - therefore, we have now to downgraded to ASDM 7.6(2)150 so access rules all display OK again.

Pascal Martin
Level 1
Level 1
In response to Darren Wilders

‎05-05-2017 02:48 AM

Hi,

i've the same problem with this versions :

asdm-771-151

asa971-8-smp-k8

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Pascal Martin

‎05-05-2017 02:54 AM

Until Cisco fixes this cosmetic bug with a new release (probably not until June), you must either downgrade to 7.6(2) or use the cli to be certian about ACL contents.

If you open a TAC case you may be able to get them to provide a work around image.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card