Hi Giuseppe,

giuseppe parlato · ‎10-31-2015

Hello I got a really strange error while creating a local user object-group on Cisco ASA 5520,

[ERROR] object-group user ***************************************
exceeded maximum length allowed for group-name

group name is 31 characters, but on all the other firewall the same object-group does not return this error.

???!

Thanks

Rishabh Seth · ‎10-31-2015

Hi Giuseppe,

This behavior seems to be buggy as the limit for object group is from 1-64. You can check following defect:

https://tools.cisco.com/bugsearch/bug/CSCuq80881/?reffering_site=dumpcr

Check for the details mentioned in the description. Defect is duplicate of https://tools.cisco.com/bugsearch/bug/CSCum00826. So check the fix in CSCum00826.

Hope it helps!!!

Thanks,

R.Seth

giuseppe parlato · ‎11-01-2015

Thanks Rishabh,

reading bug description but are you sure it is related to user object group lenght ?

Symptom:
ASA may crash on an assertion due to:
assertion "domain_id == userp->info->domain_id" failed: file
"snp_idfw_db_api.c", line 1733

..then actually ASA didn't crashed. I found that user object-group is 41 characters not 31. Actually I can create user object-group till 32 characters. Starting from 33 characters I get the error.

Akshay Rastogi · ‎11-01-2015

Hi Giuseppe,

As Rishabh has mentioned, issue seems to be the defect mentioned in defect :

https://tools.cisco.com/bugsearch/bug/CSCuq80881/?reffering_site=dumpcr

However as it is an duplicate defect, you need to search for the fixed image in CSCum00826.

What version of ASA you are running. It is having fix in latest intermin of 8.4.7, 9.1.5 and you could also upgrade to latest supported image of asa5520 which is asa916-10-k8.bin

Regards,

Akshay Rastogi

object-group user error