Solved: ASA 8.3 and VPN Names/Aliases

society-gmbh · ‎07-07-2010

It might be a stupid question but after upgrading to ASA 8.3 the Name Aliases which showed up in VPN-Views (Site-to-Site VPN, VPN Sessions) do not work anymore.

Before Update to 8.3 when I had an Name Object for an IP-Adress or an Network the Name of the IP-Adress showed up in brackets () in the site-to-site VPN list making it much easyer to keep an overview of the VPN-Connection profiles. Now I just see the plain IP-Adresses anymore.

The same goes for the display of VPN site-to-site connection session details. In there I used to see the names of the networks in the session. Now I only just see the IP-Addresses of the network making it much harder to keep an overview.

Is there any way to go back to the old behavior without reverting to a Software prior to 8.3 ?

Thankful for any help or suggestions

Dirk

Marcin Latosiewicz · ‎10-21-2010

Dirk,

It's not as tested as a typical mainetnance release you get, but we do run regression tests on it before publishing it - just limited amount.

Think of it as 8.3.2 + collection of bug fixes

Weather it's safe or not, if concerned about safety but annoyed by the bug, you could run the interim on one of the units in failover. If you see some undesired effects you fail back to unit running non-interim code.

Marcin

View solution in original post

Marcin Latosiewicz · ‎07-07-2010

Dirk,

Could you please attach a screenshot of what's bugging you in 8.3 I assume we're talking about ASDM?If you have it, also a screenshot from older version.

Marcin

society-gmbh · ‎07-07-2010

Sorry forgot to mention. Yes I am talking about ASDM. I attached some screenshots of what is different in 8.2.1 and 8.3.1 and whats bugging me.

I had to ad-lib a bit because most of my ASA´s are up to 8.3.1 already but I guess the Message of the Screenshots gets through.

Problem 1:

In asa_8.2.1.jpg and asa_8.3.jpg you see the Site-to-Site VPN Connection Profiles. In 8.2.1 after the IP (Name) the Alias (entry in Objects) is shown in round Brackets like this

66.102.13.99 (VPN_GW_BERLIN)

From ASA 8.3.1 that Alias in the round Brackets does not work anymore.

Problem 2:

In asa_8.2.1_Sesions.jpg and asa_8.3.1_Sesions.jpg you see the Details View of an VPN-Connection.

ASA_8.2.1 showed the Names of the connected Networks as defined in Objects. From ASA 8.3.1 it now only shows the IP-Adresses of the connected Networks. The "friendly names" do not show anymore.

When manaing a lot of VPN Connection on one ASA I loose the overview as I cannot remember all IP-Adresses from Gateways and Networks.

So those friendly names were very helpful.

I would like to get that back on my ASAs with 8.3.1

Thankx again for any help

Dirk

Marcin Latosiewicz · ‎07-08-2010

Dirk,

I dug into the database to see if anything like this has been reported.

It doesn't look that way.

Would it be possible for you to open a TAC case and mention my name in initial notes? I could grab this and followup with ASDM developers.

Marcin

society-gmbh · ‎07-08-2010

Thankx for helping out. As requested I opened an TAC case with the reference number # 614838193.

arimikalflote · ‎10-20-2010

Hey!

where there any workaround for this?

I have the same problem...

Kind regards

Ari

society-gmbh · ‎10-20-2010

Up until now I havn´t seen any fix of that bug.

The bug as been accepted by Cisco but hasnt been fixed in any recent release yet.

Still waiting for Cisco to fix it.

arimikalflote · ‎10-21-2010

Hey

ah, okay, have to wait then.

thanx for the quick reply!

Ari

Marcin Latosiewicz · ‎10-21-2010

Guys,

The bug is fixed in an interim image available internally 8.3.2.1

8.3.2.4 also containing that fix is available on CCO:

http://www.cisco.com/cisco/software/release.html?mdfid=279916878&flowid=4374&softwareid=280775065&release=8.3.2%20Interim&rellifecycle=&relind=AVAILABLE&reltype=all

Marcin

society-gmbh · ‎10-21-2010

Thankx for the heads up on the Interim Release.. but are interim releases safe for Production enviroments ?

Thx

Dirk

Marcin Latosiewicz · ‎10-21-2010

Dirk,

It's not as tested as a typical mainetnance release you get, but we do run regression tests on it before publishing it - just limited amount.

Think of it as 8.3.2 + collection of bug fixes

Weather it's safe or not, if concerned about safety but annoyed by the bug, you could run the interim on one of the units in failover. If you see some undesired effects you fail back to unit running non-interim code.

Marcin

society-gmbh · ‎10-21-2010

Thankx for the explanation.. To be sure I will rather wait for the next mainetnance release.
The bug is annoying but not as much as to risk interruption of Services.

Thankx

Dirk