Reg. ASDM Object grouping

ankurs2008 (Level 1)

In the ASDM

Objects -> Network objects/Groups

When we click Add Network Object, suppose the name we specify is TEST1 and the IP address range is 10.10.0.0 255.255.255.0, and we then create one more Network Object with the name TEST2 and the IP address range 10.10.0.0 255.255.255.192. Once we apply, the previous network object [TEST1] is replaced with the newer name [TEST2]. That means there are now 2 Network Object entries with the same name in ASDM, as shown below:

TEST2 10.10.0.0 255.255.255.0
TEST2 10.10.0.0 255.255.255.192

This is equivalent to the name command in the CLI, and doing a "sh name" gives a single TEST2 with no subnet information.

Hence please let me know whether this is normal or a bug. I have found this in 6.3.1; is it the same in other versions as well? Also, is there any workaround to have 2 different names for a similar IP range with different masks, other than the solution of creating an object-group and assigning a network-object to it (which I know will obviously work)?

1 Accepted Solution: Jennifer Halim's lab-test reply, quoted in full in the thread below.

8 Replies

Jennifer Halim (Cisco Employee)

Definitely sounds like a bug.

Which version of ASA are you running? If you are running version 8.2.x or lower, I would recommend that you downgrade your ASDM to version 6.2.5.

I am running 8.2.1(18) code with ASDM 6.2(1) and found this issue there as well as on one firewall with ASA 8.2.2 and ASDM 6.3.1. Please let me know regarding the same.

ASDM 6.3.1 is new and was also released to support ASA 8.3.1. Even though it is backward compatible, there seem to be a number of bugs with earlier versions of ASA.

I would recommend that you downgrade the ASDM back to 6.2.5 since you are not running ASA 8.3.1.

hi halijenn,

Thanks for the reply; however, 8.2.1(18) code with ASDM 6.2(1) is also running and showing the same thing. Also, I believe from the compatibility matrix that we can use ASDM 6.3.1 (which is recommended) with any of the 8.2 versions. Can you please try this in the lab or test with the demo ASDM? Meanwhile I am also trying to figure it out at my end. Thanks a lot!

Hi Ankur,

I have tested it in the lab and realise that the ASDM Network Object should not have a netmask field, because the "name" command does not have a subnet field. That is why your test is getting overridden with the later name that you configured (TEST2).

The "name" command only has the following fields:

name ip_address name [description text]

Here is the command reference for "name" command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/no.html#wp1747000

You can open a TAC case so ASDM bug can be raised.

Hope that helps to clarify your concern.

Hi halijenn

I have tried with 6.2.5 ASDM code as well, with the same results. Also, there is a subnet mask associated with the network-object when it is created via ASDM, and the same can be pulled into an access-list (via the ASDM Browse option) to use either of those 2 names; hence, in this case, even though 2 network-objects have the same name, we can still pull our desired network-object into it. However, via the command line, "sh names" will only show 1 name (though we actually made 2), and when we apply it in an access-list (via the CLI) we can utilize that name, but we have to give the subnet mask in the ACL at that point. Hence, the conclusion is: the subnet mask of a network-object is useful in ASDM, but not in the CLI. As this is the case on almost all ASDM versions, I don't think it is a bug, as otherwise it would by now have been known by everybody.

Hi halijenn

Please reply to my below query , thanks .

Hi Ankur,

There are 2 options when configuring object groups via ASDM (the names are not very intuitive and do not match the CLI):

1) The name command on CLI --> Network Object

2) The object-group command on CLI --> Network Object Group

With the first one, as advised earlier, the name command on the CLI does not include a subnet mask entry. You can actually check that by creating a "Network Object" with the mask in ASDM; when you click Apply, a pop-up box shows the command actually sent to the ASA, and it will not include the mask.

Example (Attached):

ASDM configuration for Network Object: ASDM-NetworkObject-name.JPG

CLI that is being sent to the ASA when clicking on the Apply button: CLI-sent-to-ASA.JPG

As you can see, the ASDM "Network Object" corresponds to the CLI name command, and the subnet mask is not included in the actual "name" command. On ASDM it is more for your information as to what subnet mask the object has; however, you can't really configure the same name with the same IP subnet and differentiate between the 2 with the subnet mask.
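The following ASA CLI fragment is an added illustration of the two options discussed in this thread; it is not configuration posted by either participant. The labels TEST1 and TEST2 and the address ranges are taken from the original question; the object-group names, the ACL name INSIDE_IN and the interface name "inside" are assumptions chosen for the example.

```text
! Option 1: the "name" command (what ASDM 6.x "Network Object" sends).
! A name entry is only an address plus a label, with no mask, so two
! labels for the same address cannot coexist: the second "name" for
! 10.10.0.0 replaces the first, exactly as observed in the thread.
names
name 10.10.0.0 TEST1
name 10.10.0.0 TEST2
!
! "show names" now lists a single entry, name 10.10.0.0 TEST2.
! Because the label carries no mask, every ACL that uses it must still
! spell out the mask, so the /24 and /26 ranges are distinguished only
! by what is typed on each ACL line, not by the label:
access-list INSIDE_IN extended permit ip TEST2 255.255.255.0 any
access-list INSIDE_IN extended permit ip TEST2 255.255.255.192 any
!
! Option 2: "object-group network" (ASDM "Network Object Group").
! Each network-object member carries its own mask, so the two ranges
! get distinct, reusable names and the ACL references them by name.
object-group network TEST1-GRP
 network-object 10.10.0.0 255.255.255.0
object-group network TEST2-GRP
 network-object 10.10.0.0 255.255.255.192
!
access-list INSIDE_IN extended permit ip object-group TEST1-GRP any
access-list INSIDE_IN extended permit ip object-group TEST2-GRP any
access-group INSIDE_IN in interface inside
```

A quick check on a running box: compare "show names" (one line for 10.10.0.0) with "show running-config object-group" (two groups with different masks). If a policy must distinguish the /24 from the /26, the object-group form is the one to use on these releases, since the name label alone cannot express the difference.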
