ASDM _ref ACL Entries

Unanswered Question
Nov 7th, 2007
User Badges:

Can someone explain to me how ASDM handles the _ref ACL entries, it appears to me that it will create them automatically, and sometimes replace my original entry with _ref appended. For instance if I create an ACL sql_servers and then later make changes it appears to create an ACL sql_servers_ref, and then I end up with two ACL's. This gets a little annoying. How should I handle this??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hadbou Wed, 11/14/2007 - 08:07
User Badges:
  • Bronze, 100 points or more

ASDM has a paradigm of real object-groups XXX and mapped object-groups XXX_ref.

The real object-group XXX is created via ASDM GUI. When a real object-group is used in ACL, ASDM automatically calculates the required translations and creates and uses XXX_ref in the ACL.

When configuration is parsed by ASDM, it check that all XXX and XXX_ref are is sync because the relationship might be broken if user changes them via CLI.

shameem_mk Tue, 01/15/2008 - 02:56
User Badges:

I have come across the same problem that is annoying the management and they wanted a solution to remove these mapped object-group entries. Is this a feature in the ASDM or a bug? Will the ACL still work if I remove these mapped object-groups completely from the CLI or do I ignore them and redo the ACL's from the CLI?


This Discussion