Service group working with TCP/UDP/ICMP ports

Richa05 · ‎04-10-2018

I am facing a problem in grouping TCP/UDP/ICMP port services (like http,https,ping etc) into a single service group.

However after creating a service group, it is showing grey out in ASDM and also the group is not working after calling it in a policy rule..

Please help with the same

amit3 · ‎04-10-2018

I have same problem.

Rob Ingram · ‎04-10-2018

Hi,
Can you provide the configuration of the service group you created and also what you attempted to configure for the ACL please?

Richa05 · ‎04-10-2018

Hi,
Please find the below configuration for the same

object-group service WSUS-Service-Group
service-object tcp destination eq www
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp traceroute
service-object icmp unreachable
access-list (INTERFACE NAME) extended permit object-group WSUS-Service-Group object (OBJECT NAME) object (OBJECT NAME) log

The service is greyout in ASDM and is not working also, However the same is working if i define the rules by keeping http and ping differently.

Rob Ingram · ‎04-10-2018

Hi, I copied and pasted your service group config into my lab ASA and then was able to successfully create an ACL, nothing was greyed out.

What version of ASA/ASDM are you running? I am using ASA v9.8 and ASDM 7.8(2)151, perhaps the version you run does not permit what you are attempting.

Richa05 · ‎04-10-2018

I am using the version

disk0:/asa981-lfbff-k8.SPA

Device Manager Version 7.9(1)

and grey out Service group is shown in attached image.

Is there any other reason of not having the service running. Also can you please share the screenshot of service group active on your asdm.