Migrating from ASA 8.2 makes double objects and rules

santonic · ‎06-27-2018

I'm migrating configuration from ASA version 8.2 and I noticed that quite a lot of objects are doubled and also some rules are doubled.

If I look at doubled objects 1 of them has 'default' under 'src File' coloumn and the other has config file name in that coloumn (filename matching the one i imported). I only imported this named config file. Where does 'default' come from?

And both objcts of this doubled pir are used so I'm assuming rules have been doubled for the same reason.

Anyone had similar issues?

alestevez · ‎06-28-2018

can it be the netmasks are different? You can merge by name and value....

santonic · ‎06-28-2018

Nope, everything is the same, just src File field differs.

santonic · ‎06-28-2018

Loading config later discards it anyway:

address -> mOltar-32 'mOltar-32' is already in use

address -> mOltar-32 mOltar-32 is invalid. Discarding

santonic · ‎06-28-2018

Now I noticed it also didn't change destination zone to post DNAT zone in FW rules. Maybe cause the object isn't correct; it seems it created 2 same objects out of 1 object with no mask and also left the orginal one

And FW rules (connected with above post DNAT problem) allowing known services on TCP ports (www, smtp) have ipsec-esp as application:

Corresponding NAT rule:

BBartik · ‎05-28-2020

I know this is old but I believe the reason for Default is that the object is already part of a group in the ASA. If the SrcFile is equal to the filename, that means expedition has created the objects based on a rule.

Example: TCP port 9060 is part of an object group already. When you import the ASA config, Expedition creates a new object and SrcFile shows up as "Default". TCP 9061 is not in an object group but used in a rule. Expedition creates the object and marks the SrcFile as the filename.

Migrating from ASA 8.2 makes double objects and rules