So I am working with 3 ASA 5520 devices across 3 datacenters and we manage those devices with ASDM - due to the amount of rules, etc it has become somewhat necessary to rely on ASDM.
This morning I changed to "device A" and proceeded to review the interfaces and access rules and began disabling some configurations that were done for testing. The names and identifiers were absolutely unique to this device so I was certain that the rules/config being changed was correct for the selected device.
I applied my changes and went about my business.
Next I needed to add an access rule to "device C". Since i had not planned to go back into this device for any time in the forseeable immediate future, I saved the changes I made to the access rule, on Device C.
Several minutes later the other network engineer is shouting "WTF Happened to the outside interface on [Device C] ?!"
When I changed devices, added my access rule and saved configuration, ASDM actually executed ALL of the commands on Device C (including the ones that were supposed to have been done on Device A!)
This resulted in the wrong ASA having it's outside interface deleted ...among other things.
It forced us to restore from a backup.
What happened today should not have been possible. Can someone with advanced knowledge of ASDM please explain how changes made to one device could possibly be erroneously applied to a different device?
Device "A" refers to "10.248.2.4" while "Device C" refers to 10.248.64.2 - luckily, our DR /non-prod facility.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...