10-15-2010 11:31 AM - edited 03-11-2019 11:54 AM
I am early into the configuration of an ASA 5510 on version 8.3(2) of the OS and 6.3(4) of ASDM.
One oddity I've noticed already is that when I've created Network or Service Groups in ASDM, some of them appear immediately in ASDM and some never do. Here are two examples of groups that I can see in the text configuration but not in ASDM:
object-group network DM_INLINE_NETWORK_1
 group-object BMH_1st_2nd_Fl
 group-object BMH_Printers
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
The names are similar, so I've wondered if there is something about the names that is causing ASDM to not see them, but the help text for the group name field says to: "Use characters a to z, A to Z, 0 to 9, a period, a comma, a dash, or an underscore. The name must contain 64 characters or fewer." My names certainly fall within the scope of what should be considered a legal name. I created additional groups for testing, with the same object members, and they show up fine, e.g.
object-group network BOB
 group-object BMH_1st_2nd_Fl
 group-object BMH_Printers
object-group service BETSY
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
Any ideas about what in the original names is causing ASDM grief?
Thanks.
Johnny Lee
10-18-2010 06:33 AM
Hi Johnny,
The DM_INLINE objects are custom objects that are automatically created and edited when using things like the Access Rules pane. Because these are automatically managed by ASDM, there is no place to view/edit them (though they will be automatically updated when the rule that references them is changed).
If you want to have direct control over the objects, you'll need to create them with a name other than DM_INLINE_x. These should show up in the Objects pane and you'll be able to edit and re-use them throughout the config. Otherwise, ASDM will transparently manage the DM_INLINE objects.
Hope that helps.
-Mike
10-16-2010 06:17 AM
Please post this in the ASA section and not in the Wireless forum. Thanks.
10-18-2010 05:30 AM
Moved the discussion to Security -> Firewalling. Thanks for the suggestion.
10-18-2010 06:45 AM
Thanks, Mike. I wondered if it was something like that, but I didn't find any reference to these names in any of the ASA documentation or on these discussion forums. I appreciate you taking the time to respond.
Johnny Lee
01-15-2016 05:50 AM
It is possible to see the DM_INLINE object in use. Tools ---> Command Line interface and do a "show run".
I ran into this issue and started overwriting objects, especially when you have more than one Engineer entering rules into the firewall.
Now, I just do a show run, copy the txt and paste into a notepad file and do a search.
Regards,
Juan
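The search through a saved "show run" described in the last reply can be scripted. The following is an added example, not part of the original thread and not Cisco code: it lists each DM_INLINE_* object-group in saved running-config text with its members and the access lists that reference it. The function name inline_groups and the access-list lines in the sample are assumptions made for the example.

```python
import re

# Constructed sample of saved "show run" text. The object-groups are the ones
# quoted in this thread; the access-list lines are invented for illustration.
SAMPLE_CONFIG = """\
object-group network DM_INLINE_NETWORK_1
 group-object BMH_1st_2nd_Fl
 group-object BMH_Printers
object-group network BOB
 group-object BMH_1st_2nd_Fl
 group-object BMH_Printers
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_1 any object-group DM_INLINE_TCP_1
access-list dmz_access_in extended permit ip object-group BOB any
"""

GROUP_RE = re.compile(r"^object-group\s+(\S+)\s+(\S+)")

def inline_groups(config_text):
    """Map each DM_INLINE_* object-group to its type, members and referencing ACLs."""
    groups, current = {}, None
    lines = config_text.splitlines()
    for line in lines:
        m = GROUP_RE.match(line)
        if m:
            gtype, name = m.groups()
            current = None  # only collect members for ASDM-managed groups
            if name.startswith("DM_INLINE_"):
                current = groups[name] = {"type": gtype, "members": [], "used_by": []}
        elif line.startswith(" ") and current is not None:
            current["members"].append(line.strip())
        else:
            current = None  # any other top-level command ends the group block
    for line in lines:
        if not line.startswith("access-list "):
            continue
        for name, group in groups.items():
            # Match the whole name so DM_INLINE_TCP_1 does not hit DM_INLINE_TCP_10.
            if re.search(r"\bobject-group\s+" + re.escape(name) + r"(?:\s|$)", line):
                group["used_by"].append(line.split()[1])
    return groups

if __name__ == "__main__":
    for name, g in inline_groups(SAMPLE_CONFIG).items():
        print(f"{name} ({g['type']}): {g['members']} <- ACLs {g['used_by']}")
```

Pass the function the text copied from the CLI tool in place of SAMPLE_CONFIG; a DM_INLINE group with an empty used_by list is not referenced by any access-list line in that text.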