Preview Tool

Cisco Bug: CSCur25021 - ASDM command exec order - old object should always be removed first

Last Modified

Sep 17, 2019

Products (1)

  • Cisco Adaptive Security Device Manager

Known Affected Releases

6.4(5) 7.3(1.101)

Description (partial)

ASDM generates commands in the wrong order when deleting a network/service object or network/service group, then creating an object of a different type with the same name.  ASDM generates add commands first, then the "no" commands, which causes the add commands to fail.

For example, if you have an network object "objX" that is used in an ACL and want to change it to an object group, ASDM generates the following commands:

object-group network objX
  network-object host x.x.x.x
access-list trust_access_in_1 line 1 extended permit ip object-group objX any
no access-list trust_access_in_1 line 2 extended permit ip object objX any
no object network obj10

All of the commands except the last one fail.

Deleting a network/service object or group and creating an object of another type with the same name in one transaction.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.