Question : Creating New Access Rule, Cisco ASDM 6.1 for PIX

Hi,

I am trying to create a new access rule using Cisco ASDM 6.1 for PIX firewall. I have inherited this system. So I need to allow port 1521 on a particular access rule for a particular server IP.

1. I select the access rule and select edit.
2. I then click on the service options which opens the Browse Services window
3. I then cleck Add, select TCP Service Group which opens the Add TCP Service Group window
3. I fill in the Name, Description, select the Create new Member and add the port number.

When I click ok, I recieve this error 'Service Group must contain at least one entry'. I am unable to create the new service group and associate this with an existing rule.

I anyone has come across this problem your assistance is greatly appreciated.

Thank you, Carlo

Answer : Creating New Access Rule, Cisco ASDM 6.1 for PIX

A couple of things to try:

On the left side select existing service/group and select the one labeled "sqlnet" which should be 1521.

If that works, then it's a solution, although it doesn't explain why you are having the problem.

You might try in the "Create new member" area, in the text box put in "1521-1521" and see if it does the same thing.

I'm thinking that you may have encountered a bug in the ASDM software, so you might consider up/downgrading the ASDM install if this continues.

Sorry I don't have more to contribute, but it seems like you are doing everything correctly and if it's a bug there's not a lot you can do except pull a new version of ASDM down and replace the existing one to see if it fixes the issue.