Cisco Support Community

New Member

Add access-list through ASDM 6.4 with different service types

I tried to add an access-list in ASDM, with source any and destination any, and services tcp/http and udp/dns.

However, I got this error message: "service cannot contain services of different types".

Is grouping tcp and udp services in the same access-list entry not supported?

I just cannot find such information in any Cisco documents.

Many thanks.

13 REPLIES
Super Bronze


Yes you can...

Here is an example:

object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq cifs
 service-object udp destination eq domain
access-list inside_access_in line 13 extended permit object-group DM_INLINE_SERVICE_1 any any

New Member


Thanks for your reply Jennifer.

Did you create this rule by using the CLI or ASDM? Please try editing this rule in ASDM, like adding a comment, to see if you hit the error message.

BTW, what version are you using? I am running version 8.4.3.

Super Bronze


I use ASDM 6.4, and the ASA is 8.4.2.

I tried to add comment and didn't see the error that you've seen.

Did you only see the error when you try to edit the existing access-list?

Also, have you tried with the CLI, and do you get the same error? Just trying to see if it's an ASDM bug or an ASA bug.

New Member


I tried two cases:

I created the rule using ASDM, but it failed.

Then I created it using the CLI without any problem. When I edited it further, it resulted in the error message.

Add access-list through ASDM 6.4 with different service types

Hello Y.lo,

I tried using the ASDM and it worked just fine.

I am running ASDM 6.4.5.

Add access-list, source any destination any and on service set:

tcp/cifs,udp/53

And that's it.

Let me know how it goes.

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

I tried configuring this access list on a factory default configuration and it was fine. It just cannot be done on the customer configuration. I will create a TAC case to troubleshoot it. Thanks a lot.

Add access-list through ASDM 6.4 with different service types

Hello Y.lo,

Sure, keep us posted and let us know what TAC tells you so we can understand what is going on and mark the question as answered.

Regards,

Julio

New Member

It turns out that there is a service object group named "domain" configured by the customer. So this gets mixed up with the default udp service "domain". The problem is fixed by deleting the object group.
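The check below is an added example, not part of the original post and not a Cisco tool: it scans ASA configuration text for service objects or object groups whose name matches a built-in port keyword, the situation reported above with "domain". The keyword list is a partial one, the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# Partial list of ASA built-in port keywords; extend it for your software version.
# Names are compared case-insensitively, as a conservative assumption.
BUILTIN_PORT_NAMES = {
    "cifs", "domain", "ftp", "http", "https", "imap4", "ldap", "ntp",
    "pop3", "sip", "smtp", "snmp", "ssh", "syslog", "telnet", "tftp", "www",
}

# Matches "object service NAME" and "object-group service NAME [tcp|udp|tcp-udp]".
DEFINITION = re.compile(r"^(object(?:-group)?)\s+service\s+(\S+)", re.IGNORECASE)
# Matches a port operator followed by a keyword, e.g. "eq domain".
PORT_USE = re.compile(r"\b(?:eq|neq|lt|gt)\s+([A-Za-z][\w-]*)")


def find_collisions(config: str):
    """Return (line_no, statement, name) for definitions shadowing a keyword."""
    hits = []
    for line_no, line in enumerate(config.splitlines(), start=1):
        m = DEFINITION.match(line.strip())
        if m and m.group(2).lower() in BUILTIN_PORT_NAMES:
            hits.append((line_no, m.group(1).lower(), m.group(2)))
    return hits


def find_affected_lines(config: str, name: str):
    """Return line numbers that use `name` as a port keyword (e.g. 'eq domain')."""
    affected = []
    for line_no, line in enumerate(config.splitlines(), start=1):
        if any(k.lower() == name.lower() for k in PORT_USE.findall(line)):
            affected.append(line_no)
    return affected


# Constructed sample, modelled on the thread: a custom group named "domain".
SAMPLE_CONFIG = """\
object-group service domain udp
 port-object eq 53
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq cifs
 service-object udp destination eq domain
access-list inside_access_in line 13 extended permit object-group DM_INLINE_SERVICE_1 any any
"""

if __name__ == "__main__":
    for line_no, statement, name in find_collisions(SAMPLE_CONFIG):
        used = find_affected_lines(SAMPLE_CONFIG, name)
        print(f"line {line_no}: {statement} service '{name}' shadows a built-in "
              f"port keyword; used as a port on lines {used}")
```

Run it against a saved copy of the running configuration before editing rules; each reported name is a candidate for renaming.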

Super Bronze


Great finding and thanks for the update.

New Member

I know this is an old post, not sure if it is still active. I am having the same problem. I cannot add two service groups of different protocols to a service. I am getting "Service cannot contain services of different types".

I am running ASDM 6.4.9 and ASA 8.4.3.

It seems to work fine when I add different protocol ports individually, just not when I add groups.

Cisco Employee

Hi,

I don't see any issue in the lab. Can you post the relevant configuration and the error?

Thanks and Regards,

Vibhor Amrodia

New Member


Thank you for your reply. The error happens when I try to add Service Groups of multiple protocols to an access list.

It works fine when I add ports of different protocols. (See capture1.png)

I would like to make these ports Service Groups that are easier to read and manage. (See capture2.png)

When I try to replace the individual ports with the new service groups I receive the error in capture3.png

 

New Member

I'm having the same issue.

Can anybody put an update here?

I'm running ASA 9.5(2)

ASDM 7.6(1)
