
Strange problem with ASDM when we move up sec rule one step

MJonkers
Level 1

Hi,

We have a 5540 firewall. When we move a firewall rule up one step, we get a message from ASDM that this cannot be done. See the included file.

Why is this? I have never seen this problem. We use a lot of ASAs, including 5550s and 5580s.

ASA image is 8.4(1)

ASDM is 6.4(1)

Thanks for your reply.

Marc

4 Replies

Anu M Chacko
Cisco Employee

Hi Marc,

The device seems to be hitting bug CSCsw34639: ASDM not using ACL line number correctly. Here are the details:

Symptom:
When using ASDM 6.1.5 or later to modify access-list entries on a PIX or ASA firewall, attempts to remove or modify lines may fail indicating either "Specified access-list does not exist at that line" or "Specified remark does not exist". This is because ASDM is using the incorrect access-list element line number.

Conditions:
This has been seen on ASDM version 6.1.5 with access-list of varying sizes.

Workaround:
There is no current workaround at this time. Changes can still be made outside of ASDM via the CLI.

So there is no available workaround. You will have to edit your configuration from the CLI.

Regards,

Anu

P.S. Please mark the question as resolved if it has been answered. Do rate helpful posts.

Good day guys,

I see this post has been here a while, about 5 years or so.

I am currently employed at a company where there are over 70 firewalls in total and ASDM is still key to managing access rules.

The problem I am having is the following: CSCsw34639.

I would like to know if there is a workaround for this bug.

As stated above, when you move access rules in ASDM it takes the wrong line number, and that gives you the following error: "Specified remark does not exist".

Any info will be appreciated.

Hi,

I think this defect is seen in older ASDM versions. You can try the recommended ASDM version for your firewall OS version.

Refer to the following link to learn more about ASA and ASDM compatibility:

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-121785

Thanks,

Rishabh Seth

PS: Rate if it helps and mark answer as correct if it resolves your issue.

Hi Rishabh,

Thanks for your reply. The thing is, I have checked the compatibility page; the 5515x ASA version we are using is 9.4(2) with the compatible ASDM version 7.5(1).

These versions are the ones I'm having a problem with, and I cannot downgrade the ASA version because we are going to use the SFR module for deep packet inspection, and you need ASA version 9.2 and above as far as I know.

We also have a few 5510 firewalls that have ASA version 8.x with ASDM 6.4 and above, and we do not really get this problem.

To do 100+ ACLs in the CLI of a firewall is just not practical.

Any suggestions would help.

Thanks
