03-01-2006 05:55 AM - edited 03-09-2019 02:06 PM
I have just configured PDM on my 515E ver 6.3(4), but when the PDM is starting up it displays a message "unsupported command found" and the message is
"PDM does not support multiple uses of a given Access Control List"
Can anyone help me here?
03-01-2006 06:51 AM
Any duplicated entries for a specific access-list in the PIX configuration? Check this in nat, aaa, access-group, vpn, etc.
03-01-2006 09:03 PM
Hey,
I have the following, as you mentioned:
-----------------------------------------
nat (inside) 0 access-list vpnis
nat (inside) 1 172.16.0.0 255.255.0.0 0 0
-----------------------------------------
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server radius protocol radius
aaa-server radius max-failed-attempts 3
aaa-server radius deadtime 10
----------------------------------------
access-group acl_out in interface outside
access-group acl_inside in interface inside
----------------------------------------
vpngroup vpndes idle-time 1800
vpngroup vpnis address-pool bigpool
vpngroup vpnis dns-server 172.16.1.20
vpngroup vpnis wins-server 172.16.1.10
vpngroup vpnis default-domain domain.com
vpngroup vpnis idle-time 1800
vpngroup vpnis password (password)
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local bigpool
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username vpnis password (password)
vpdn enable outside
-------------------------------------------
Everything looks okay and everything is running.
03-02-2006 03:04 AM
Hi
The error message is commonly displayed when you are using one access-list for two purposes:
Like vpnis used for
- nonat (nat 0)
AND
- to specify the traffic which should be encrypted.
Split this up into two different access-lists, one named e.g. "nonat" and the other e.g. "ipsec", with the same IP address space.
The "nonat" ACL should then be used in the nat (0) statement,
The "ipsec" ACL should then be used to specify the encrypted traffic.
This will solve your problem.
Greetings
Jarle
03-03-2006 02:30 AM
Thanks, but just curious. If everything is running okay and I don't see any problems on the PIX, meaning everything works as it's supposed to, then why does PDM have a problem understanding this configuration?
Does it mean that there is a problem and I am not yet aware of it, or will it cause a problem which I cannot forecast?
03-03-2006 02:48 AM
Hi
There is no error in the configuration. PDM just doesn't support it, and needs different access-lists for the different "tasks".
You can keep it as it is, but I believe this limits the PDM functionality. There is no firewall config error; in fact, before PDM was introduced you saved configuration lines by using the same ACL for different tasks.
Use 2 different access-list names and your PDM problem is solved.
Greetings
Jarle
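The two replies above describe the pattern PDM rejects (one ACL bound to both a nat 0 statement and the crypto map) and the fix (clone the entries under a second name and rebind one consumer). The script below is an added example, not code from the thread or from Cisco: it scans a constructed PIX 6.3 config fragment for ACLs referenced by more than one consumer and then performs the "nonat"/"ipsec" split. The sample config lines, the ACL entries and the `crypto map vpnmap` line are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample PIX 6.3 configuration (not the poster's full config). The ACL
# "vpnis" is bound to both "nat 0" and a crypto map, the pattern PDM reports as
# "multiple uses of a given Access Control List".
SAMPLE_CONFIG = """\
access-list vpnis permit ip 172.16.0.0 255.255.0.0 192.168.100.0 255.255.255.0
access-list acl_out permit tcp any host 192.0.2.5 eq 443
access-list acl_inside permit ip 172.16.0.0 255.255.0.0 any
nat (inside) 0 access-list vpnis
nat (inside) 1 172.16.0.0 255.255.0.0 0 0
access-group acl_out in interface outside
access-group acl_inside in interface inside
crypto map vpnmap 10 match address vpnis
"""

# Statements that consume an ACL: (regex capturing the ACL name, role label).
ACL_CONSUMERS = [
    (r"^nat \(\S+\) 0 access-list (\S+)$", "nat 0"),
    (r"^access-group (\S+) in interface \S+$", "access-group"),
    (r"^crypto map \S+ \d+ match address (\S+)$", "crypto map"),
    (r"^vpngroup \S+ split-tunnel (\S+)$", "vpngroup split-tunnel"),
]

def acl_uses(config_text):
    """Map each ACL name to the roles that reference it, one entry per reference."""
    uses = defaultdict(list)
    for line in config_text.splitlines():
        for pattern, role in ACL_CONSUMERS:
            m = re.match(pattern, line.strip())
            if m:
                uses[m.group(1)].append(role)
    return dict(uses)

def multiply_used_acls(config_text):
    """ACLs referenced by more than one consumer: the ones PDM refuses to handle."""
    return {acl: roles for acl, roles in acl_uses(config_text).items() if len(roles) > 1}

def rebind_acl(config_text, old_acl, new_acl, role):
    """Clone old_acl's entries under new_acl and point the consumer with the given
    role at the clone, i.e. the "nonat"/"ipsec" split recommended in the thread."""
    pattern = next(p for p, r in ACL_CONSUMERS if r == role)
    out = []
    for line in config_text.splitlines():
        if re.match(rf"^access-list {re.escape(old_acl)} ", line):
            out.append(line)  # keep the original entry, then emit its clone
            out.append(line.replace(f"access-list {old_acl} ", f"access-list {new_acl} ", 1))
            continue
        m = re.match(pattern, line)
        if m and m.group(1) == old_acl:
            line = line[:m.start(1)] + new_acl + line[m.end(1):]
        out.append(line)
    return "\n".join(out) + "\n"
```

Running `multiply_used_acls` on the sample flags only `vpnis`; after `rebind_acl(SAMPLE_CONFIG, "vpnis", "ipsec", "crypto map")` the crypto map references `ipsec` and nothing is flagged.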