PDM does not support multiple uses of a given access control list

Asked by PDFConsultants in Software Firewalls

Hi,

We have a PIX firewall (v6.2) and have a problem accessing the device manager.  I am receiving the error "PDM does not support multiple uses of a given access control list".  I have looked at other posts here but am unable to identify where the duplicate ACL is being used.

I would really appreciate some help identifying the problem please.

An extract (sanitised) from the current config is below.

.....
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list outside permit tcp any host a.b.c.242 eq smtp
access-list outside permit tcp any host a.b.c.243 eq 1723
access-list outside permit udp any host a.b.c.243 eq 1701
access-list outside permit udp any host a.b.c.243 eq isakmp
access-list outside permit ah any host a.b.c.243
access-list outside permit esp any host a.b.c.243
access-list outside permit gre any host a.b.c.243
access-list outside permit udp any host a.b.c.242 eq dnsix
access-list outside permit udp any host a.b.c.243 eq dnsix
access-list outside permit icmp any any echo-reply
access-list outside permit gre host a.b.d.135 host a.b.e.221
access-list outside permit tcp host 10.0.1.10 host a.b.f.66 eq 3000
access-list outside permit tcp host 10.0.1.10 host a.b.f.66 eq 3001
access-list outside permit tcp host 10.0.1.10 host a.b.f.66 eq 3002
access-list outside permit udp host 10.0.1.10 host a.b.f.66 eq 3000
access-list outside permit udp host 10.0.1.10 host a.b.f.66 eq 3001
access-list outside permit udp host 10.0.1.10 host a.b.f.66 eq 3002
access-list outside permit tcp any host a.b.c.242 eq https
access-list outside permit tcp host 10.0.1.10 host a.b.f.66 eq 3003
access-list outside permit udp host 10.0.1.10 host a.b.f.66 eq 3003
access-list outside permit tcp host 10.0.1.10 host a.b.g.113 eq 3000
access-list outside permit tcp host 10.0.1.10 host a.b.g.113 eq 3001
access-list outside permit tcp host 10.0.1.10 host a.b.g.113 eq 3002
access-list outside permit tcp host 10.0.1.10 host a.b.g.113 eq 3003
access-list outside permit udp host 10.0.1.10 host a.b.g.113 eq 3000
access-list outside permit udp host 10.0.1.10 host a.b.g.113 eq 3001
access-list outside permit udp host 10.0.1.10 host a.b.g.113 eq 3002
access-list outside permit udp host 10.0.1.10 host a.b.g.113 eq 3003
access-list outside permit tcp any host a.b.c.244 eq 1023
access-list outside permit udp any host a.b.c.244 eq 1023
access-list outside deny ip any host a.b.c.244
access-list 115 permit ip 10.0.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 115 permit ip 10.0.5.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 115 deny ip 10.0.1.0 255.255.255.0 any
access-list inside deny udp any any eq 106  
access-list inside deny tcp any any eq 106
access-list inside permit tcp any any
access-list inside permit udp any any
access-list inside permit ip any any
access-list inside deny ip any host w.x.y.z
pager lines 24
logging on
logging timestamp
logging buffered informational
logging trap debugging
logging facility 23
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside a.b.c.246 255.255.255.248
ip address inside 10.0.1.254 255.255.255.0
ip address DMZ 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 a.b.c.245
nat (inside) 0 access-list 115
nat (inside) 1 10.0.1.0 255.255.255.0 0 0
nat (inside) 1 10.0.5.0 255.255.255.0 0 0
static (inside,outside) a.b.c.242 10.0.1.5 netmask 255.255.255.255 0 0
static (inside,outside) a.b.c.243 10.0.1.6 netmask 255.255.255.255 0 0
static (inside,outside) a.b.c.244 10.0.1.8 netmask 255.255.255.255 0 0
static (inside,outside) a.b.e.221 10.0.1.240 netmask 255.255.255.255 0 0
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 a.b.c.241 1
route inside 10.0.5.0 255.255.255.0 10.0.1.240 1
route inside 10.0.99.0 255.255.255.252 10.0.1.240 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 10.0.5.2 timeout 10 protocol UDP version 4
url-cache src_dst 128KB
filter url http 10.0.1.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
filter url http 10.0.5.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
http server enable
http a.b.h.158 255.255.255.255 outside
http 10.0.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
.......

Thanks

Stuart
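
One way to search a full configuration for the reuse the error message describes, as an added example that is not part of the original thread: a Python script that records every command binding an ACL by name and reports any ACL bound more than once. The set of binding commands it checks (access-group, nat ... access-list, crypto map ... match address) and the sample config are assumptions constructed for illustration, not taken from the asker's device.

```python
import re
from collections import defaultdict

# Commands assumed to bind an ACL by name (PIX 6.x syntax); extend as needed.
ACL_USES = [
    ("access-group", re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+\S+")),
    ("nat", re.compile(r"^nat\s+\(\S+\)\s+\d+\s+access-list\s+(\S+)")),
    ("crypto map", re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+match\s+address\s+(\S+)")),
]
ACL_DEF = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")

# Constructed sample config (not the asker's): ACL 115 is bound twice.
SAMPLE = """\
access-list outside permit tcp any host 192.0.2.10 eq smtp
access-list 115 permit ip 10.0.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list spare permit ip any any
nat (inside) 0 access-list 115
access-group outside in interface outside
crypto map vpn 10 match address 115
crypto map vpn 20 match address 120
"""

def acl_references(config_text):
    """Return (defined ACL names, {acl: [(line_no, kind, line), ...]})."""
    defined, refs = set(), defaultdict(list)
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = ACL_DEF.match(line)
        if m:
            defined.add(m.group(1))
            continue
        for kind, pat in ACL_USES:
            m = pat.match(line)
            if m:
                refs[m.group(1)].append((no, kind, line))
                break
    return defined, dict(refs)

def audit(config_text):
    # multi_use: ACLs bound by more than one command; also list orphans.
    defined, refs = acl_references(config_text)
    return {
        "multi_use": {a: r for a, r in refs.items() if len(r) > 1},
        "unused": sorted(defined - set(refs)),
        "undefined": sorted(set(refs) - defined),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against the complete `write terminal` output rather than an extract, since the second binding may sit in a section that was trimmed.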

ASKER CERTIFIED SOLUTION
Les Moore, Systems Architect