Guest

Preview Tool

Cisco Bug: CSCuq60854 - CSM limitation Same "name" command and "object-group" creating problem

Last Modified

Nov 11, 2016

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.6(0)SP1

Description (partial)

Symptom:
CSM limitation, Same "name" command and "object-group" creating problem in deployment with CSM

CSM understands the 'names,   Upon discovery, the references to such names in the configuration, shall be replaced with the underlying value before the data is persisted in CSM. There is no problem as long as there is no overlap of the names within the device itself. 

The problem with this device configuration is that the same name ?SBT_MINSK? features both in a 'name' command as well as the name of an object group. When this device is discovered into CSM, the reference to 'SBT_MINSK' in the Object NAT is replaced by CSM with the IP address in the 'name' command, causing this deployment issue.

The workaround will be to ensure that any 'name' configured on the device is not used elsewhere in the configuration as an object name, Concern about other ASA's need to be addressed by first looking for duplicate names on the device config's before discovering the devices into CSM.

I could not found this is CSM configuration doc, so raising the doc bug

Conditions:
The problem with this device configuration is that the same name ?SBT_MINSK? features both in a 'name' command as well as the name of an object group. When this device is discovered into CSM, the reference to 'SBT_MINSK' in the Object NAT is replaced by CSM with the IP address in the 'name' command, causing this deployment issue.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.