Reference group got created automatically in cisco pix
10-24-2012 12:19 AM - edited 03-11-2019 05:13 PM
Hi,
I ran into an issue with Cisco PIX.
To provide access through the PIX firewall from the outside interface to the inside interface, I created one group with the corresponding IPs, and policies were created for it on the respective interfaces. But a reference group got created automatically, referring to the original group, and it was used at the inside interface in the ACL.
asdm group port_Group outside
asdm group port_Group_ref inside reference port_Group
object-group network port_Group
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
object-group network port_Group_ref
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
access-list inside extended permit tcp object-group port_Group_ref object-group server1 eq ftp
access-list outside extended permit tcp object-group port_Group object-group server1 eq ftp
PIX version is 7.0(4) and device manager version is 5.0(4).
Is this default behaviour, or is there a bug in the IOS, and will it create any issues?
Rgds
Ravi
- Labels: NGFW Firewalls

10-24-2012 12:35 AM
It does sound like a bug, and I would recommend that you remove the extra command that was automatically created.
You are running quite an old version of code as well, maybe it is worth upgrading it.
10-24-2012 12:55 AM
Thanks, but is there any bug listed on the Cisco site for the above behaviour? It would help me justify to my management upgrading the IOS of ASDM.
Rgds
Ravi
10-24-2012 12:56 AM
I forgot to mention one thing. I faced the above problem when I did the configuration through ASDM.

10-24-2012 06:37 AM
Can't seem to find any matching bug.
However, version 7.0 is already EOL, and here is the EOL notification:
There won't be any more bug fixes for version 7.0.
Well, actually versions 7.1 and 8.0 are also already EOL, and PIX is EOL as well.
It's probably time to move to an ASA firewall, which is the replacement for PIX.
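For anyone reviewing a saved configuration for the situation described in this thread, the following is an added example (not posted by any participant and not Cisco code). It lists each `asdm group ... reference ...` entry, checks whether the reference group's members still match the original group, and shows which ACL lines use the reference group. The function name and the sample are constructed here, and the parser assumes only the line forms quoted in the first post.

```python
import re

# Constructed sample: the configuration lines quoted in the first post.
SAMPLE_CONFIG = """\
asdm group port_Group outside
asdm group port_Group_ref inside reference port_Group
object-group network port_Group
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
object-group network port_Group_ref
 network-object 172.17.119.179 255.255.255.255
 network-object 172.17.119.155 255.255.255.255
access-list inside extended permit tcp object-group port_Group_ref object-group server1 eq ftp
access-list outside extended permit tcp object-group port_Group object-group server1 eq ftp
"""

def audit_reference_groups(config):
    """Return one finding per 'asdm group <ref> <if> reference <orig>' line."""
    refs, members, acls, current = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"asdm group (\S+) \S+ reference (\S+)$", line)
        if m:
            refs[m.group(1)] = m.group(2)      # reference name -> original name
            current = None
        elif line.startswith("object-group network "):
            current = line.split()[2]
            members[current] = set()
        elif line.startswith("network-object ") and current:
            members[current].add(line)          # member of the open object-group
        else:
            current = None
            if line.startswith("access-list "):
                acls.append(line)
    findings = []
    for ref, orig in sorted(refs.items()):
        token = re.compile(r"object-group %s(\s|$)" % re.escape(ref))
        findings.append({
            "reference": ref,
            "original": orig,
            # False when the copy is missing or has drifted from the original
            "in_sync": ref in members and members[ref] == members.get(orig),
            "acls": [a for a in acls if token.search(a)],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_reference_groups(SAMPLE_CONFIG):
        print(finding)
```

An `in_sync` value of `False` means the two groups no longer hold the same members, so the ACLs that use them no longer cover the same hosts; the `acls` list shows which lines need rewriting before the reference group is removed.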
