We previously used PDM for PIX version 6 to manage firewall NAT and access rules. From version 7 they introduced the ASDM interface and we would like to take advantage of the new features.
Previously in version 6 we would define a static (inside,outside) NAT and create a corresponding access rule to permit access from the outside (typically to permit remote support from a software supplier - RDP / pcAnywhere for example.)
To be honest I have begun learning these things with ASDM so I kind of got the inverse reaction to PDM.
For me it seems logical that you allow traffic to the outside address, because I see things as interface related. First you allow traffic to the outside interface then we translate it to the inside and that's it. It's just a matter of what you are used to I think.
I don't know if Cisco has some kind of translator for the configs, but it might be worth checking that out. I'll be honest, I have done all the migrations manually.
I guess I have two choices - redesign my groups to focus on the outside NAT addresses - or stick with V6 and PDM. I guess I have just had it easy with V6! Another big concept change for me was the removal of the PDM location feature.
With PDM, objects have a location associated - for example you define a host / group - and you are asked where it resides (inside or outside for example). With ASDM all objects are placed in the same place. It has no concept of location. I guess this is the root cause of my problem.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: