I'm a CLI guy and a co-worker is a GUI guy. If we're both working on the same router (NOT at the same time), are there any conflicts? Are there any CLI configs that won't properly "translate" into the ASDM or PDM GUI?
I am a CLI person as well. I can only speak from experience of PDM and the CLI but from bitter experience yes there are problems switching between the two. The main issue seems to be that if you configure if from the CLI and then fire off PDM it seems to want to rewrite a lot of the config eg object-groups etc.
It doesn't actually break the config but it duplicates a lot of it. I have also seen the PDM not recognise some commands that are done from the CLI and get very confused with some of the NAT statements.
I am primarily speaking about version 6.x of pix software and PDM. It may well be a lot better now with v7.x and ADSM but as far as 6.x and FWSM 2.3 goes we make it a rule where i work that we can only use one of the 2 ways to configure it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...