Remark/Description increasing exponentially in asa 8.2(5) - ASA5550

amitmarathe
Level 1

Remarks/descriptions are increasing exponentially in the ASA firewall, and this is increasing the configuration file size. It is also observed that this is happening for only one access list. Following are some of the remarks which are repeating...

I tried to find a bug related to this but could not find one.

It is observed in ASDM and in the CLI as well. Approx. more than 3000 lines have been created and it is still increasing.

Please revert how to address and resolve this case....

Device Manager Version 6.4(5)

disk0:/asa825-k8.bin

Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode   : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

0: Ext: GigabitEthernet0/0  : address is 0021.a09a.b3d2, irq 9
1: Ext: GigabitEthernet0/1  : address is 0021.a09a.b3d3, irq 9
2: Ext: GigabitEthernet0/2  : address is 0021.a09a.b3d4, irq 9
3: Ext: GigabitEthernet0/3  : address is 0021.a09a.b3d5, irq 9
4: Ext: Management0/0       : address is 0021.a09a.b3d6, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Not used            : irq 5
7: Ext: GigabitEthernet1/0  : address is 0021.a09a.ca90, irq 255
8: Ext: GigabitEthernet1/1  : address is 0021.a09a.ca91, irq 255
9: Ext: GigabitEthernet1/2  : address is 0021.a09a.ca92, irq 255
10: Ext: GigabitEthernet1/3  : address is 0021.a09a.ca93, irq 255
11: Int: Internal-Data1/0    : address is 0000.0003.0002, irq 255

Licensed features for this platform:
Maximum Physical Interfaces    : Unlimited
Maximum VLANs                  : 250      
Inside Hosts                   : Unlimited
Failover                       : Active/Active
VPN-DES                        : Enabled  
VPN-3DES-AES                   : Enabled  
Security Contexts              : 5        
GTP/GPRS                       : Disabled 
SSL VPN Peers                  : 10       
Total VPN Peers                : 5000     
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled 
AnyConnect for Cisco VPN Phone : Disabled 
AnyConnect Essentials          : Disabled 
Advanced Endpoint Assessment   : Disabled 
UC Phone Proxy Sessions        : 2        
Total UC Proxy Sessions        : 2        
Botnet Traffic Filter          : Disabled 

This platform has an ASA 5550 VPN Premium license.

access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS

access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS

access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS

Amit Marathe

4 Replies

rrfield
Level 1

For what it's worth, I've run into this when using the wrong version of ASDM. For example, ASDM 6.4(5) with ASA 8.2(5). The correct version of ASDM would be 6.4(3). This has also caused me some other problems, like mysterious disappearing ACL entries.

It's my fault for having some ASAs in the 8.3/8.4 train and some back in 8.2.

Still, it's such a pain.  It would be helpful if Cisco would simply match up the ASA and ASDM version numbers! I'm sure there is a good reason for them not doing this. Or at least there better be.

Stick with the command line

-------------------------------------------------------------------------------------------------------------------------------------------------

CSCtn88072

Access rule description replication issue

Symptom:

description (remark) line for rule is replicated multiple times.

Conditions:

using same text on multiple lines of the description (remark) field.

Workaround:

don't use same text on multiple lines of the rule description (remark).

--------------------------------------------------------------------------------------------------------------------------------------------------

1. Delete all the repeated remarks from the configuration.
2. Reconfigure the remark in such a way that it is different for each ACL.

For example:

access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS_1

access-list FSL_WHITE_ZONE_access_in extended permit tcp object-group NOC_TS_GROUP object-group AXIS_PTC_SRVR_GRP_1 eq 3389

access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS_2

access-list FSL_WHITE_ZONE_access_in extended permit udp host 192.168.x.x host 192.168.y.y eq 9996

3. You can configure it in your own way, but it should be different for each ACL.
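
The cleanup described in the workaround above, as an added example that is not part of the original thread: it reports remark text used more than once within one ACL (the condition named in CSCtn88072), drops replicated copies and numbers the remaining repeats with `_1`, `_2` as in the post. The sample config is constructed, the host addresses are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

REMARK = re.compile(r"^access-list\s+(\S+)\s+remark\s+(.*\S)\s*$")

# Constructed sample modelled on the thread's ACL; host addresses are placeholders.
SAMPLE = """\
access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS
access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS
access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS
access-list FSL_WHITE_ZONE_access_in extended permit tcp object-group NOC_TS_GROUP object-group AXIS_PTC_SRVR_GRP_1 eq 3389
access-list FSL_WHITE_ZONE_access_in remark AXIS ROUTERS MONITORING ACCESS and NETFLOW ACCESS
access-list FSL_WHITE_ZONE_access_in extended permit udp host 192.0.2.10 host 192.0.2.20 eq 9996
access-list OTHER_access_in remark unique text
access-list OTHER_access_in extended deny ip any any
"""

def duplicate_remarks(config):
    """Return {acl: {remark_text: count}} for text used more than once in one ACL."""
    counts = defaultdict(Counter)
    for line in config.splitlines():
        m = REMARK.match(line.strip())
        if m:
            counts[m.group(1)][m.group(2)] += 1
    found = {acl: {t: n for t, n in c.items() if n > 1} for acl, c in counts.items()}
    return {acl: d for acl, d in found.items() if d}

def uniquify_remarks(config):
    """Drop back-to-back copies of a remark, then suffix repeated text with _1, _2, ..."""
    dupes, seen = duplicate_remarks(config), defaultdict(Counter)
    out, prev = [], None
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        m = REMARK.match(line)
        key = m.groups() if m else None      # (acl_name, remark_text)
        if key and key == prev:              # replicated copy of the previous remark
            continue
        prev = key
        if key and key[1] in dupes.get(key[0], {}):
            acl, text = key
            seen[acl][text] += 1
            line = f"access-list {acl} remark {text}_{seen[acl][text]}"
        out.append(line)
    return out

if __name__ == "__main__":
    print(duplicate_remarks(SAMPLE))
    print("\n".join(uniquify_remarks(SAMPLE)))
```

The output is a rewritten ACL listing to review offline against a saved copy of the running configuration; it does not touch the device.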

Thanks for sharing this information. I assume that was the bug; I just saw it on version 8.4. I am sure this will help a lot of people.

Mike