Beginner

CSM deploy error

Hello,

 

I have found a previous question related to the same error I'm getting but no answer.

 

I have rearranged the policy based on different new sections, different logic. I didn't change the content of the sections, so basically the policy is the same.

 

Now when I'm trying to deploy the new policy, I'm getting this error:

"An error response from the device prevented successful completion of this operation. The device provided the following description: no access-list … log default Specified access-list does not exist."

 

This seems like a bug to me, since the access-list is the one to be deployed.

This is a random error: if I'm moving the section or the rule, I'm hitting the same error on a different rule.

I'm wondering if somebody had the same error at some point and how it was solved.

 

Many thanks in advance for your feedback!

 

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: CSM deploy error

Hi Jordi,

 

The only workaround I found is to manipulate the config directly on the ASA in the CLI.

 

The steps I used:

1. change the deployment mode on CSM to a file instead of the device. This option is in Tools > Cisco Security Manager Administration > Deployment

2. copy the full config on your machine to file1

3. go on CLI to the ASA unable to deploy

4. <show run> and copy all access-lists to file2

5. on file2 search and replace <access-list> with <no access-list>

6. from file1 copy and paste all access-list to file3

7. from file1 copy and paste all access-group to file4

8. go back to CLI on the ASA and

 a. paste file2

 b. paste file3

 c. paste file4

9. go back to CSM and change back the deployment from file to device

10. on the policy which you are trying to deploy on CSM, disable a not very important rule

11. save and deploy

 

It worked for me.

 

Good luck!

Catalin
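
The file-building part of the steps above (4 to 7), as an added example that is not part of the original post or of any Cisco tool: it matches `access-list` only at the start of a line, so references inside other config blocks are not rewritten, and it flags ACL names that would be left dangling. The sample configs, the ACL names and the function name `build_paste_files` are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the thread): a device "show run"
# excerpt and a CSM deploy-to-file excerpt.
SHOW_RUN = """\
hostname asa-lab
access-list OUTSIDE_IN remark web servers
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OLD_DMZ extended permit ip any any
class-map inspect-web
 match access-list OUTSIDE_IN
access-group OUTSIDE_IN in interface outside
"""
CSM_FILE = """\
access-list CSM_FW_ACL_ remark web servers
access-list CSM_FW_ACL_ extended permit tcp any host 192.0.2.10 eq 443
access-group CSM_FW_ACL_ global
access-group MISSING_ACL in interface dmz
"""

ACL = re.compile(r"^access-list\s+(\S+)\s")      # ACL definition line
GROUP = re.compile(r"^access-group\s+(\S+)\s")   # ACL binding line
REF = re.compile(r"^\s+.*\baccess-list\s+(\S+)") # indented reference to an ACL

def build_paste_files(show_run, csm_config):
    """Return (file2, file3, file4, warnings) for steps 4 to 7 of the post."""
    run_lines = show_run.splitlines()
    csm_lines = csm_config.splitlines()
    # Steps 4-5: current ACL lines, each turned into its "no" form.
    file2 = ["no " + line for line in run_lines if ACL.match(line)]
    # Steps 6-7: ACL definitions and bindings generated by CSM.
    file3 = [line for line in csm_lines if ACL.match(line)]
    file4 = [line for line in csm_lines if GROUP.match(line)]
    defined = {ACL.match(line).group(1) for line in file3}
    warnings = []
    for line in file4:
        name = GROUP.match(line).group(1)
        if name not in defined:
            warnings.append(f"access-group references undefined ACL: {name}")
    # Other config blocks (class-map and similar) that still name a removed ACL.
    for line in run_lines:
        m = REF.match(line)
        if m and m.group(1) not in defined:
            warnings.append(f"running config still references removed ACL: {m.group(1)}")
    return file2, file3, file4, warnings

if __name__ == "__main__":
    for part in build_paste_files(SHOW_RUN, CSM_FILE):
        print("\n".join(part), end="\n\n")
```

An empty warnings list means every `access-group` in the CSM file has a matching ACL and nothing else in the running config points at an ACL that the paste removes.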

5 REPLIES 5
VIP Advisor

Re: CSM deploy error

What is the version of CSM?

Is this FWSM or ASA? If ASA, what is the code running on that ASA?

 

BB
*** Rate All Helpful Responses ***
Beginner

Re: CSM deploy error

CSM 4.15

ASA 9.6(3)9

Beginner

Re: CSM deploy error

Hello,

 

I have the same issue, please could you tell me how to resolve this issue?

 

Many thanks for all

 

Jordi

Beginner

Re: CSM deploy error

I see a lot of people have read the "recipe" but no comments. Maybe some explanation is needed. CSM cannot deploy because it sees too many differences, let's say. So the idea is to limit that, replacing manually old ACLs with new ACLs generated by CSM. Like I said previously, for me it's working perfectly.

Maybe Cisco fixed this bug in newer CSM versions but I didn't get the chance to test that.