PDM is limited to the monitoring tab. An error message about Access Control Lists is displayed

TCC_2 · ‎06-22-2009

Core issue

The same Access Control List (ACL) is used to define the nat 0 and the crypto map match address commands.

Resolution

If a PIX is configured for VPN access, and the ACL used to define the encrypted traffic is the same as the one used to define what traffic should not be done with Network Address Translation (NAT), then PIX Device Manager (PDM) is limited to the monitoring tab.

If PDM is launched with the same ACL applied to the nat interface 0 command as is applied to the crypto map map name number match address acl command, this warning message is displayed.

PDM has encountered a PIX Firewall configuration command statement that PDM does not support.Configuration parsing has been stopped. PDM access is now limited to the monitoring tab during the current session. To regain access to the rest of PDM, use the Command Line Interface (CLI) window to fix the unsupported command statement and then refresh PDM with the modified PIX Firewall configuration.

To resolve the problem, add another ACL. Refer to these statements in your PIX configuration:

access-list 140 permit ip 192.168.4.0 255.255.255.0 10.10.10.0 255.255.255.0

access-list 140 permit ip 192.168.4.0 255.255.255.0 10.1.2.0 255.255.255.0

nat (inside) 0 access-list 140

crypto map mymap 5 match address 140

In this case, you would need to make these changes:

access-list 140 permit ip 192.168.4.0 255.255.255.0 10.10.10.0 255.255.255.0

access-list 140 permit ip 192.168.4.0 255.255.255.0 10.1.2.0 255.255.255.0

access-list 150 permit ip 192.168.4.0 255.255.255.0 10.10.10.0 255.255.255.0

access-list 150 permit ip 192.168.4.0 255.255.255.0 10.1.2.0 255.255.255.0

nat (inside) 0 access-list 150

crypto map mymap 5 match address 140