Re: PDM Strange behavior

guimar01 · ‎07-28-2003

I'm using PDM 2.1 with PIX os 6.22.

Is it possible that PDM would have recreated my manually configured network groups with a _real extention after it?

Ex:

old name

object-group network ac-network

network-object x.0.0.0 255.0.0.0

network-object x.x.0.0 255.255.0.0

network-object x.y.0.0 255.255.0.0

object-group network ac-network_real

network-object x.0.0.0 255.0.0.0

network-object x.x.0.0 255.255.0.0

network-object x.y.0.0 255.255.0.0

At the moment I have both groups in my config, although PDM is only showing the _real groups

Thanks

Martin

gfullage · ‎07-29-2003

This is actually normal behaviour. When you use PDM to create an access rule that references an object group, it'll create another instance of the OG with a _real or _ref appended to it. I believe if you do a "sho config" on the PIX you won't see the extra ones, although this may have changed in later releases.

It's just used for internal mapping within the PIX, you'll probably see it referenced in the "pdm group" comands later on in the config.

In short, don't worry about it, just create your OG's and access-rules as normal, PDM will sort it all out for you.

guimar01 · ‎07-30-2003

Thanks for your anwser,

But then I end up with (NULL RULES) were I have my old OG names.

And the good rule with the _real OG names.

should I remove all the old and rename the new without the _real?

Regards

Martin

sansari · ‎11-03-2008

I really like to remove these. Is it possible to remove them using the CLI? There is another thread about a simialar issue with "1" appended to the name of OG. They refrence the bug: CSCsg80786. Is there a relation between these issues? Do I have to keep the _real OGs as long as I use the active OG?