topic Hi Rishabh, in Network Security

Strange problem with ASDM when we move up sec rule one step

MJonkers — Mon, 11 Mar 2019 20:33:45 GMT

Hi,

We have a 5540 firewall, when we push up a firewall rule one step we get a message from ASDM that this cannot be done. See file included?

Why is this, I did never see this problem. We use a lot of ASA's including 5550 and 5580's.

ASA image is 8.4(1)

ASDM is 6.4(1)

Thanx for your reply.

Marc

Re: Strange problem with ASDM when we move up sec rule one step

Anu M Chacko — Mon, 16 May 2011 10:46:02 GMT

Hi Marc,

The device seems to be hitting bug :CSCsw34639- ASDM not using ACL line number correctly. Here are the details:

Symptom:
When using ASDM 6.1.5 or later to modify access-list entries on a PIX or ASA firewall, attempts to remove or modify lines may fail indicating either "Specified access-list does not exist at that line" or "Specified remark does not exist". This is because ASDM is using the incorrect access-list element line number.

Conditions:
This has been seen on ASDM version 6.1.5 with access-list of varying sizes.

Workaround:
There is no current workaround at this time. Changes can still be made outside of ASDM via the CLI.

So there is no available workaround. You will have to edit your configuration from the CLI.

Regards,

Anu

P.S. Please mark the question as resolved if it has been answered. Do rate helpful posts.

Good day guys,

mentalcase — Tue, 01 Dec 2015 13:29:08 GMT

Good day guys,

I see this post has been here a while, about 5 years or so.

I am currently employed at a company were there is over 70 firewalls in total and ASDM is still key to managing Access Rules.

The problem I am having is the following: CSCsw34639.

I would like to know if there is a workaround for this bug.

Like Above stated when you move access rules in asdm it takes the wrong Line number and that gives you the following error Specified remark does not exist.

Any info will be appreciated.

Hi,

Rishabh Seth — Tue, 01 Dec 2015 13:35:42 GMT

Hi,

I think this defect is seen in older ASDM version. You can try the recommended ASDM version for your firewall OS version.

Refer following link to know more about ASA and ASDM comatibility:

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html#pgfId-121785

Thanks,

Rishabh Seth

PS: Rate if it helps and mark answer as correct if it resolves your issue.

Hi Rishabh,

mentalcase — Wed, 02 Dec 2015 08:23:43 GMT

Hi Rishabh,

Thanx for your reply, the thing is I have checked the compatibility page, the 5515x ASA version we are using is 9.4(2) with the compatible ASDM version 7.5(1).

These versions are the ones I'm having a problem with, and I can not downgrade the ASA version number because we are going to use the SFR module for deep packet inspection and you need ASA version 9.2 and above as far as I know.

We also have a few firewalls 5510's that has 8.x asa version with asdm 6.4 and above and we do not really get this problem.

To do 100+ ACL's in the CLI of a firewall is just not practical.

Any suggestions would help.

Thanks