Red Dot w/Number on ASDM ICMP ACL

micpressure8
Level 1

Just installed 7.1(2) and various ICMP ACL rules now have a Red Dot with the number 4 in them.  Older version of ASDM (6.x) didn't display this.

Before I start digging through logs I searched the manual and didn't see any specific reference. "4" is source quench but I'm not certain (without a manual reference) if that's what the 4 is tied to in this case.

Anybody know what this new display feature is trying to say?

Thanks,

m.

Jouni Forss
VIP Alumni

Hi,

Even though I don't use ASDM almost at all myself, I could try to check what it's about.

Can you perhaps share a screen capture of the thing you mean (while masking any sensitive information if needed)?

- Jouni

 

Hi,

Seems it refers to IPv4 and IPv6

Check the below picture

- Jouni

ASDM 7.1(x) is expecting to talk to ASA 9.x where the v4 and v6 access rules were unified. Is it trying to tell you that you are looking at a v4-only rule?

-- Jim Leinweber, WI State Lab of Hygiene

Both thoughts point to the same reasonable conclusion - I could see value in it.

However, it isn't only ICMP that can have different behaviors depending upon which version of IP they run under. So, maybe ASDM is trying to be extra helpful for ICMP first, or...something else. Didn't see any "6" ever appear, but perhaps that would just mean Cisco/ASDM now considers IPv4 the exception and not the rule ;-}

Anyway, good thoughts and the likely answer, but I'd still like a Cisco documented reference so I can go out with an official explanation...

Hi,

I barely use ASDM for any ASA configurations. I tend to configure everything I can through the CLI and therefore I won't be the best person to answer your question.

I would go through the ASDM Release Notes for any specific changes on the ASDM

http://www.cisco.com/en/US/products/ps6121/prod_release_notes_list.html

Also we don't know your exact ASA software version and the ASDM version which you updated from.

- Jouni

Thanks but already been through the Release Notes, that's why I posted the question.

ASA Version isn't really the issue - this is a known feature add by Cisco (presumably), so somewhere it must be documented - that's what I'm looking for.

Hi,

From what I have seen, Cisco has had a habit of introducing even large changes to device operation without so much as mentioning it in their documentation.

Probably the most common issue I have seen was when people were upgrading their ASA past 8.4(2) software to 8.4(3) for example where the issue was first observed. They decided that ASA would no more populate ARP table with nonconnected networks.

So soon people found that part of their servers worked no more since the ARP behaviour was changed. In the next upgrade they added the command "arp permit-nonconnected" with which the behaviour could be returned to that in 8.4(2) and previous softwares.

So taking that into consideration I would be surprised that this kind of graphical change in the ASDM "Firewall" view wouldn't be noted in any documentation.

I would suggest waiting for either a reply directly from Cisco or opening a TAC case if you need a confirmation from Cisco directly.

- Jouni

Only thing I found related to the icmp and icmp6 was from the Bug Search Tool

Seems to be an enhancement request that was implemented

CSCua64203: https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCua64203

But again I can't tell from this information if it refers to this situation

This thing is listed on the 7.0(2) ASDM release notes

http://www.cisco.com/en/US/docs/security/asdm/7_0/release/notes/rn70.html#wp461760

- Jouni

Now that's a great find - searching the bug DB for a feature request didn't dawn on me.  Nice one!

Thanks!
