Solved: Re: Some group names created in ASDM aren't visible in ASDM afte

jllenhart · ‎10-15-2010

I am early into the configuration of an ASA 5510 on version 8.3(2) of the OS and 6.3(4) of ASDM.

One oddity I've noticed already is that when I've created Network or Service Groups in ASDM, some of them appear immediately in ASDM and some never do. Here are two examples of groups that I can see in the text configuration but not in ASDM:

object-group network DM_INLINE_NETWORK_1
group-object BMH_1st_2nd_Fl
group-object BMH_Printers

object-group service DM_INLINE_TCP_1 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www

The names are similar, so I've wondered if there is something about the names that are causing ASDM to not see them, but the help text for the group name field says to: "Use characters a to z, A to Z, 0 to 9, a period, a comma, a dash, or an underscore. The name must contain 64 characters or fewer." My names certainly fall within the scope of what should be considered a legal name. I created additional groups for testing, with the same object members and they show up fine, e.g.

object-group network BOB

group-object BMH_1st_2nd_Fl
group-object BMH_Printers

object-group service BETSY

port-object eq ftp
port-object eq ftp-data
port-object eq www

Any ideas about what in the original names is causing ASDM grief?

Thanks.

Johnny Lee

mirober2 · ‎10-18-2010

Hi Johnny,

The DM_INLINE objects are custom objects that are automatically created and edited when using things like the Access Rules pane. Because these are automatically managed by ASDM, there is no place to view/edit them (though they will be automatically updated when the rule that references them is changed).

If you want to have direct control over the objects, you'll need to create them with a name other than DM_INLINE_x. These should show up in the Objects pane and you'll be able to edit and re-use them throughout the config. Otherwise, ASDM will transparently manage the DM_INLINE objects.

Hope that helps.

-Mike

View solution in original post

Nicolas Darchis · ‎10-16-2010

Please post this in the ASA section and not in the Wireless forum. Thanks.

jllenhart · ‎10-18-2010

Moved the discussion to Security -> Firewalling. Thanks for the suggestion.

mirober2 · ‎10-18-2010

Hi Johnny,

The DM_INLINE objects are custom objects that are automatically created and edited when using things like the Access Rules pane. Because these are automatically managed by ASDM, there is no place to view/edit them (though they will be automatically updated when the rule that references them is changed).

If you want to have direct control over the objects, you'll need to create them with a name other than DM_INLINE_x. These should show up in the Objects pane and you'll be able to edit and re-use them throughout the config. Otherwise, ASDM will transparently manage the DM_INLINE objects.

Hope that helps.

-Mike

jllenhart · ‎10-18-2010

Thanks, Mike. I wondered if it was something like that, but I didn't find any reference to these names in any of the ASA documentation or on these discussion forums. I appreciate you taking the time to respond.

Johnny Lee

jreyn23456 · ‎01-15-2016

it is possible to see the DM_INLINE object in use. Tools ---> Command Line interface and do a "show run".

I ran into this issue and started overwriting objects, especially when you have more than one Engineer entering rules into the firewall.

Now, I just do a show run, copy the txt and paste into a notepad file and do a search.

Regards,

Juan

Some group names created in ASDM aren't visible in ASDM afterwards