Solved: Cannot Modify a Service Object-Group

ronbuchalski · ‎10-28-2013

We have an ASA 5540 running ASA v 8.4(7). I am attempting to edit an existing service object-group, to add a few additional ports. However, when I attempt to do so, I get one of two problems.

If I type 'object-group service FOO' and enter it, I get:

An object-group with the same id but different type (service) exists

If I type 'object-group service FOO tcp and enter it, the ASA accepts the command, and the cursor drops to the next line, but I receive no prompt, and whatever I type in does not echo on the screen. It's like the ASA goes into the Twilight Zone.

I can log into the ASA with another SSH session, so it's not like the ASA is locked up.

Any ideas about this one?

Thanks in advance,

-rb

jumora · ‎10-29-2013

Thank you for the update!!!

Value our effort and rate the assistance!

View solution in original post

jumora · ‎10-31-2013

Please update the ticket as resolved or answered so we can close out followup.

Value our effort and rate the assistance!

View solution in original post

jumora · ‎10-28-2013

Please run the next command:

show run object id FOO

Please send the output so I can understand what is going on.

Value our effort and rate the assistance!

jumora · ‎10-28-2013

And also:

show run object-g id FOO

Value our effort and rate the assistance!

ronbuchalski · ‎10-29-2013

I found what the problem was. The primary and secondary ASAs were no longer in sync with the configuration, so it wouldn't let me change anything. But it didn't warn me either.

I failed over to the secondary, and rebooted the primary, and they re-synced configurations. Then I was able to change the object-group, as expected.

Thanks for your assistance.

-rb

jumora · ‎10-29-2013

Thank you for the update!!!

Value our effort and rate the assistance!

jumora · ‎10-31-2013

Please update the ticket as resolved or answered so we can close out followup.

Value our effort and rate the assistance!