02-23-2024 02:22 AM
Hi all,
I have a problem with Deploy configuration to my Cisco ASA5516-X via FMC (firmware 6.2.3.18).
I tried deleted access list where is an error - still problem. I tried recreate same problem, restart FMC, ASA: same problem.
Any idea?
Here is output:
Refer to the following troubleshooting information when contacting Cisco TAC.
Lina messages
FMC >> no strong-encryption-disable
FMC >> object-group network any
FMC >> network-object 0.0.0.0 0.0.0.0
FMC >> network-object ::/0
FMC >> object-group network FMC_INLINE_dst_rule_268449792
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 21 (FW-policy/mandatory)
FMC >> network-object object srv-app-002
FMC >> network-object object srv-app-001
FMC >> network-object object WANv6
FMC >> object-group network FMC_INLINE_dst_rule_268448769
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 28 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268439590
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 33 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268439580
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 35 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268440577
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 44 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268440577
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 44 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268441604
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 45 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268441604
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 45 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268443648
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 46 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268443648
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 46 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268444680
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 48 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268440576
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 58 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268445696
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 59 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268445696
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 59 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268439568
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 63 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268439566
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 64 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268439566
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 64 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268440581
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 69 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268440581
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 69 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268446732
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 79 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268446732
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 79 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268446749
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 80 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_dst_rule_268446749
FMC >> description Auto Generated by FMC from dst of UnifiedNGFWRule# 80 (FW-policy/mandatory)
FMC >> object-group network FMC_INLINE_src_rule_268448768
FMC >> description Auto Generated by FMC from src of UnifiedNGFWRule# 81 (FW-policy/mandatory)
FMC >> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
FMC >> webvpn
FMC >> tunnel-group-list enable
FMC >> exit
FMC >> group-policy DfltGrpPolicy attributes
FMC >> address-pools value VPN-pool
FMC >> exit
FMC >> vpn-addr-assign local reuse-delay 0
FMC >> crypto isakmp nat-traversal
FMC >> no access-list CSM_FW_ACL_ advanced permit tcp ifc VLAN130_DEVICES object-group FMC_INLINE_src_rule_268446726 ifc VLAN121_DMZ object-group FMC_INLINE_dst_rule_268446726 object-group 8443 rule-id 268446726
FMC >> access-list CSM_FW_ACL_ line 223 advanced permit tcp ifc VLAN130_DEVICES object-group FMC_INLINE_src_rule_268446726 ifc VLAN121_DMZ object-group FMC_INLINE_dst_rule_268446726 object-group 8443 rule-id 268446726
FMC >> no access-list CSM_FW_ACL_ advanced permit tcp ifc VLAN130_DEVICES object-group FMC_INLINE_src_rule_268446726 ifc VLAN121_DMZ object-group FMC_INLINE_dst_rule_268446726 object-group HTTP rule-id 268446726
FMC >> access-list CSM_FW_ACL_ line 224 advanced permit tcp ifc VLAN130_DEVICES object-group FMC_INLINE_src_rule_268446726 ifc VLAN121_DMZ object-group FMC_INLINE_dst_rule_268446726 object-group HTTP rule-id 268446726
FMC >> no access-list CSM_FW_ACL_ advanced permit tcp ifc VLAN130_DEVICES object-group FMC_INLINE_src_rule_268446726 ifc VLAN121_DMZ object-group FMC_INLINE_dst_rule_268446726 object-group HTTPS rule-id 268446726
FMC >> access-list CSM_FW_ACL_ line 225 advanced permit tcp ifc VLAN130_DEVICES object-group FMC_INLINE_src_rule_268446726 ifc VLAN121_DMZ object-group FMC_INLINE_dst_rule_268446726 object-group HTTPS rule-id 268446726
FMC >> access-list CSM_FW_ACL_ line 254 remark rule-id 268449792: ACCESS POLICY: FW-policy - Mandatory
FMC >> access-list CSM_FW_ACL_ line 255 remark rule-id 268449792: L7 RULE: Access without proxy
FMC >> access-list CSM_FW_ACL_ line 256 advanced permit tcp ifc outside any ifc VLAN120_SERVERS object-group FMC_INLINE_dst_rule_268449792 object-group HTTP rule-id 268449792
FMC >> access-list CSM_FW_ACL_ line 257 advanced permit tcp ifc outside any ifc VLAN120_SERVERS object-group FMC_INLINE_dst_rule_268449792 object-group HTTPS rule-id 268449792
FMC >> access-list CSM_FW_ACL_ line 258 advanced permit tcp ifc outside any ifc VLAN120_SERVERS object-group FMC_INLINE_dst_rule_268449792 object-group 8443 rule-id 268449792
FMC >> no access-list CSM_FW_ACL_ advanced permit tcp ifc VLAN140_USR_TEACHERS object ZSKVITPC060 ifc VLAN130_DEVICES object Topeni-regulace object-group 10001_TCP rule-id 268447744
FMC >> access-list CSM_FW_ACL_ line 344 advanced permit tcp ifc VLAN140_USR_TEACHERS object ZSKVITPC060 ifc VLAN130_DEVICES object Topeni-regulace object-group 10001_TCP rule-id 268447744
FMC >> no nat (any,outside) source static any any destination static VPN-pool VPN-pool
FMC >> nat (any,outside) 2 source static any any destination static VPN-pool VPN-pool
FMC >> group-policy _gr_avpn_teachers_adm attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_adm attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_canteen attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_ext_zware attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_management attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_accountants attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_teachers attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> group-policy _gr_avpn_janitor attributes
FMC >> webvpn
FMC >> no anyconnect profiles value zskvit_vpn type user
FMC >> exit
FMC >> exit
FMC >> no user-identity default-domain LOCAL
FW >> info : INFO: Default-domain change will not impact existing configurations.
FMC >> clear config access-list VPN_ACL_Canteen
FW >> info : ERROR:
FMC >> clear config access-list VPN_ACL_Accountatns
FW >> info : ERROR:
FMC >> clear config access-list VPN_ACL_Janitor
FW >> info : ERROR:
FMC >> clear config access-list VPN_ACL_Management
FW >> info : ERROR:
FMC >> clear config access-list VPN_ACL_Teachers_adm
FW >> info : ERROR:
FMC >> clear config access-list VPN_ACL_Teachers
FW >> info : ERROR:
FMC >> clear config access-list VPN_ACL_EXT_ZWARE
FW >> info : ERROR:
FMC >> clear config access-list Split-Admin
FW >> info : ERROR:
FMC >> no object-group service ProxySG_ExtendedACL_128849040043
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849040043) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_128849020037
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849020037) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_128849020033
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849020033) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_128849020029
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849020029) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_128849020008
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849020008) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_128849020004
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849020004) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_128849019983
FW >> info : Removing object-group (ProxySG_ExtendedACL_128849019983) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079218828
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079218828) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079218463
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079218463) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079218459
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079218459) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079218455
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079218455) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079218451
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079218451) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079218447
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079218447) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079215203
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079215203) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079215178
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079215178) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079215153
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079215153) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079215149
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079215149) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079215128
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079215128) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_103079215107
FW >> info : Removing object-group (ProxySG_ExtendedACL_103079215107) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_94489292530
FW >> info : Removing object-group (ProxySG_ExtendedACL_94489292530) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_94489292509
FW >> info : Removing object-group (ProxySG_ExtendedACL_94489292509) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_90194326208
FW >> info : Removing object-group (ProxySG_ExtendedACL_90194326208) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_90194326204
FW >> info : Removing object-group (ProxySG_ExtendedACL_90194326204) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_90194326200
FW >> info : Removing object-group (ProxySG_ExtendedACL_90194326200) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_90194326196
FW >> info : Removing object-group (ProxySG_ExtendedACL_90194326196) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_81604424184
FW >> info : Removing object-group (ProxySG_ExtendedACL_81604424184) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_94489290525
FW >> info : Removing object-group (ProxySG_ExtendedACL_94489290525) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834578038
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834578038) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834578059
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834578059) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834577738
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834577738) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834576687
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834576687) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834576683
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834576683) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834576679
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834576679) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_55834577734
FW >> info : Removing object-group (ProxySG_ExtendedACL_55834577734) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_94489292213
FW >> info : Removing object-group (ProxySG_ExtendedACL_94489292213) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_51539636031
FW >> info : Removing object-group (ProxySG_ExtendedACL_51539636031) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_81604402020
FW >> info : Removing object-group (ProxySG_ExtendedACL_81604402020) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_81604402016
FW >> info : Removing object-group (ProxySG_ExtendedACL_81604402016) not allowed, it is being used.
FMC >> no object-group service ProxySG_ExtendedACL_81604401995
FW >> info : Removing object-group (ProxySG_ExtendedACL_81604401995) not allowed, it is being used.
FMC >> no object network ZSKVITPC061
FW >> error : ERROR: unable to delete object (ZSKVITPC061). object is being used.
Config Error -- no object network ZSKVITPC061
Other logs
Lina configuration application failure log:
Lina Files Rollback successful
Rollback APP was successful.
Solved! Go to Solution.
02-23-2024 03:28 AM
Remove all dependencies first before you remove any object, and reapply the config
02-23-2024 03:28 AM
Remove all dependencies first before you remove any object, and reapply the config
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide