Adaptive Security Device Manager Hot Issues from Cisco TAC

ASDM 7.0 does not display unidirectional NAT rules with service., Fixed CSCud20548

Symptom: Some NAT rules are not visible in ASDM.
Conditions: ASDM 7.0 NAT rules with both the "unidirectional" and "no-proxy-arp" keywords. ASA 8.3/8.4/8.5/8.6 and 9.0
Workaround: Not needed, the rules are present in configuration and are in operation.

Read-only user logged into ASDM-Unauthorized change-password msg appears, Fixed CSCua29422

Symptom: Read-only user logged into ASDM-Unauthorized change-password msg appear
Conditions: login to ASDM using read-only user. Privilege level 5.
Workaround: Just press "ok" to proceed further. PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

ENH: ASDM should reconnect to ASA on connection loss, Open CSCsz94175

Symptom: There are permanent connections between the ASDM and the ASA to display stats and logs. These connections might get disconnected due to external factors. The asdm will not reconnect automatically to the ASA when this happens. This should be done automatically.
Conditions:
Workaround: You can reconnect manually by going to the main ASDM page. There In the lower right-hand corner of the main ASDM frame (6th position to the left), there is a 2-computer (connection status) icon. If you click on that icon a dialog box will be presented offering to reconnect ASDM if needed.
Further Problem Description:

ASDM 6.4.9 inserting ACL while modifing Group Policy, Fixed CSCua71251

Symptom: While modifing existing Group Policy or adding a new one via: Remote Access VPN > Network Client Access > Group Policies The following ACL is adding to ASA configuration: access-list AnyConnect_Client_Local_Print extended deny ip any any access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631 access-list AnyConnect_Client_Local_Print remark Windows' printing port access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100 access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol access-list AnyConnect_Client_Local_Print extended permit udp any host xxx.x.x.xxx eq 5353 access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol access-list AnyConnect_Client_Local_Print extended permit udp any host xxx.x.x.xxx eq 5355 access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137 access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
Conditions: Always
Workaround: Use CLI for modifing existing Group Policy or adding a new one

ASDM shows incomplete ASA connection table entries, Fixed CSCue46483

Symptom: ASDM ASA Connection Monitoring Table displays incomplete and incorrect entries. ASDM-> Monitoring -> Proprties -> Connections For example, the Source IP and Source Port fields as well as the Idle Time, Sent/Received ones have no entries at all, while the Destination IP and Destination Ports fields are populated with incorrect entries. All above are compared to the reference CLI outputs.
Conditions: ASA 8.4.5 or 8.4.4 ASDM 7.1.1(52)
Workaround: Either consult CLI or use ASDM 7.1.1(52) with ASA 9.0.

Sorting ASDM connections table by sent/received sorts lexicographically, Fixed CSCto34582

Symptom: This is a cosmetic issue only. When viewing the table of active connections in ASDM, if the list is sorted by data "sent/received" then the connections are sorted in lexicographical order. So it might appear like this: Connection C - Data Sent 9 K Connection A - Data Sent 9 MB ASDM shows that 9K is "more" than 9 MB, since 'K' comes before 'M' in the alphabet. It should sort the connections by the actual number of bytes transferred on the connection.
Conditions:
Workaround: None within ASDM. Use the 'show conn' command on the ASA command line to view the active connections through the ASA More Info:

HAS wizard fails license check incorrectly, Fixed CSCtz65316

Symptom: ASDM HAS wizard fails license check incorrectly.
Conditions:
Workaround: