05-16-2011 01:39 AM - edited 03-11-2019 01:33 PM
We have a 5540 firewall. When we push a firewall rule up one step, we get a message from ASDM that this cannot be done. See the included file.
Why is this? I have never seen this problem. We use a lot of ASAs, including 5550s and 5580s.
ASA image is 8.4(1)
ASDM is 6.4(1)
Thanks for your reply.
Marc
05-16-2011 03:46 AM
Hi Marc,
The device seems to be hitting bug CSCsw34639: ASDM not using ACL line number correctly. Here are the details:
Symptom:
When using ASDM 6.1.5 or later to modify access-list entries on a PIX or ASA firewall, attempts to remove or modify lines may fail indicating either "Specified access-list does not exist at that line" or "Specified remark does not exist". This is because ASDM is using the incorrect access-list element line number.
Conditions:
This has been seen on ASDM version 6.1.5 with access-list of varying sizes.
Workaround:
There is no current workaround at this time. Changes can still be made outside of ASDM via the CLI.
So there is no available workaround. You will have to edit your configuration from the CLI.
Regards,
Anu
P.S. Please mark the question as resolved if it has been answered. Do rate helpful posts.
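An added example, not part of any post in this thread and not Cisco code: a Python helper that writes out the CLI commands for moving a rule up one step, taking the line numbers from the running configuration. The ACL name, addresses and function names are constructed, and it assumes that remarks count as ACL lines and that the remarks directly above an ACE belong to that rule.

```python
import re

# Constructed running-config excerpt; ACL name and addresses are sample values.
SAMPLE = """\
access-list outside_in remark web servers
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-list outside_in remark mail relay
access-list outside_in extended permit tcp any host 192.0.2.25 eq smtp
access-list outside_in extended deny ip any any
"""

ACL_RE = re.compile(r"^access-list (\S+) (.+)$")

def acl_entries(config, name):
    """Bodies of ACL `name` in config order; index + 1 is the CLI line number.
    Assumption of this example: remarks are counted as lines."""
    found = (ACL_RE.match(raw.strip()) for raw in config.splitlines())
    return [m.group(2) for m in found if m and m.group(1) == name]

def rule_block(entries, line):
    """(first, last) lines of the ACE at `line` plus the remarks directly above it."""
    if entries[line - 1].startswith("remark "):
        raise ValueError("line %d is a remark, not a rule" % line)
    first = line
    while first > 1 and entries[first - 2].startswith("remark "):
        first -= 1
    return first, line

def move_rule_up(config, name, line):
    """CLI commands that move the rule at `line` above the rule before it."""
    entries = acl_entries(config, name)
    if not 1 <= line <= len(entries):
        raise ValueError("no line %d in %s" % (line, name))
    first, last = rule_block(entries, line)
    if first == 1:
        raise ValueError("rule is already first")
    target, _ = rule_block(entries, first - 1)  # start of the preceding rule
    # Delete bottom-up so the remaining line numbers stay valid, then re-insert.
    cmds = ["no access-list %s line %d %s" % (name, n, entries[n - 1])
            for n in range(last, first - 1, -1)]
    cmds += ["access-list %s line %d %s" % (name, target + i, body)
             for i, body in enumerate(entries[first - 1:last])]
    return cmds

if __name__ == "__main__":
    print("\n".join(move_rule_up(SAMPLE, "outside_in", 4)))
```

The rule is absent from the ACL between the `no` commands and the re-insert, so apply the batch in one go and confirm the order with `show access-list` afterwards.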
12-01-2015 05:29 AM
Good day guys,
I see this post has been here a while, about 5 years or so.
I am currently employed at a company where there are over 70 firewalls in total and ASDM is still key to managing Access Rules.
The problem I am having is the following: CSCsw34639.
I would like to know if there is a workaround for this bug.
As stated above, when you move access rules in ASDM it takes the wrong line number, and that gives you the following error: "Specified remark does not exist".
Any info will be appreciated.
12-01-2015 05:35 AM
Hi,
I think this defect is seen in older ASDM versions. You can try the recommended ASDM version for your firewall OS version.
Refer to the following link to learn more about ASA and ASDM compatibility:
http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-121785
Thanks,
Rishabh Seth
PS: Rate if it helps and mark answer as correct if it resolves your issue.
12-02-2015 12:23 AM
Hi Rishabh,
Thanks for your reply. The thing is, I have checked the compatibility page; the 5515x ASA version we are using is 9.4(2) with the compatible ASDM version 7.5(1).
These versions are the ones I'm having a problem with, and I cannot downgrade the ASA version number because we are going to use the SFR module for deep packet inspection and you need ASA version 9.2 and above as far as I know.
We also have a few 5510 firewalls that have ASA version 8.x with ASDM 6.4 and above, and we do not really get this problem.
To do 100+ ACLs in the CLI of a firewall is just not practical.
Any suggestions would help.
Thanks