Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

ASA 5500 Series Adaptive Security Appliance FAQ

Document ID: 113390

Updated: Mar 02, 2012

   Print

Introduction

This document answers frequently asked questions about the Cisco ASA 5500 Series Adaptive Security Appliance.

Q. Why am I unable to ping the inside interface of the ASA from a host connected to the outside interface of the ASA?

A. The default behavior of the ASA is to allow all ICMP traffic to the ASA interfaces. However, the ASA denies ICMP messages received at the outside interface for destinations on a protected interface.

Q. Does ASA currently support LDAP paging based on RFC 2696?

A. ASA does not currently support LDAP paging as per RFC 2696. Refer to Cisco bug ID CSCto23049 ( registered customers only) for more information.

Q. When LDAP authentication/authorization is performed from an LDAP server on ASA, if a user has over 999 values for a single attribute, then the user authentication/authorization fails with this error message: %ASA-3-109035: Exceeded maximum number (999) of DAP attribute instances for user = <username>%ASA-6-113013: AAA unable to complete the request Error : reason = Invalid response received from server : user = <username>.

A. Upgrade to ASA 8.4(2.6) or later where the support for processing more than 999 has been added. Refer to Cisco bug ID CSCtc95264 ( registered customers only) for more information.

Related Information

Updated: Mar 02, 2012
Document ID: 113390