Hi,
After upgrading our PIX 525 from version 6 to 8 I noticed the access- lists and object-group command behaviour has changed - it no longer automatically creates "reference" access-groups ending with "_ref"
Previously I created inbound access-lists (via PDM) referencing the inside server names and the PIX automatically created a "reference" access-lists/object-groups that matched the outside NAT'ed addresses.
For example:
Name 192.168.10.10 SERVER1 (inside name)
object-group network INSIDE-SERVER (object -group with inside name) network-object SERVER1 255.255.255.255
object-group network INSIDE-SERVER_ref (automatically created object group matching outside NAT) network-object 10.10.10.10 255.255.255.255
access-list outside_access_in permit tcp any object-group INSIDE_SERVER_ref eq http (access-list using the _ref" version)
For some reason version 8 does not do this? Any suggestions would be appreciated.
Paul