Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500 Series Release Notes, 8.0(5)

  • Viewing Options

  • PDF (390.3 KB)
  • Feedback
Cisco ASA 5500 Series Release Notes Version 8.0(5)

Table Of Contents

Cisco ASA 5500 Series Release Notes Version 8.0(5)

Important Notes

Limitations and Restrictions

Upgrading the Software

Downloading Software from Cisco.com

Upgrading Your Software

System Requirements

Memory Requirements

Standard DRAM and Internal Flash Memory

Memory Upgrade Kits

Viewing Flash Memory

DRAM, Flash Memory, and Failover

ASDM, SSM, and VPN Compatibility

New Features

Open Caveats in Software Version 8.0(5)

Resolved Caveats in Software Version 8.0(5)

Related Documentation

Obtaining Documentation and Submitting a Service Request


Cisco ASA 5500 Series Release Notes Version 8.0(5)


November 2009

This document includes the following sections:

Important Notes

Limitations and Restrictions

Upgrading the Software

System Requirements

New Features

Open Caveats in Software Version 8.0(5)

Resolved Caveats in Software Version 8.0(5)

Related Documentation

Obtaining Documentation and Submitting a Service Request

Important Notes

ASA Compatible with EIGRP Version 3—EIGRP support was added in Version 8.0(2). However, due to a packet format change, Version 8.0(3) and later are not compatible with Version 8.0(2). Therefore, if you upgrade an adaptive security appliance to Version 8.0(3) or later, and it is peering with another adaptive security appliance running Version 8.0(2), then the peer must also be upgraded, or EIGRP will not operate correctly.

Show Active Directory Groups—The DAP Usability feature, used to list active directory groups, is for ASDM only. The show ad-groups command is not intended for CLI use.

Limitations and Restrictions

Please note the following operational limitations:

Stateful Failover with Phone Proxy—When using Stateful Failover with phone proxy, information is not passed to the standby unit; when the active unit goes down, the call fails, media stops flowing, and the call must be re-established.

No .NET over Clientless sessions—Clientless sessions do not support .NET framework applications (CSCsv29942).

When using Clientless SSL VPN Post-SSO parameters for the Citrix Web interface bookmark, Single-Signon (SSO) works but the Citrix portal is missing the Reconnect and Disconnect buttons. Only the Log Off button shows up. When not using SSO over Clientless, all three buttons show up correctly.

Workaround: Use the Cisco HTTP-POST plugin to provide single signon and correct Citrix portal behavior.

The adaptive security appliance does not support phone proxy and CIPC for remote access.

Upgrading the Software

Use the show version command to verify the software version of your adaptive security appliance. Alternatively, the software version appears on the ASDM home page.

This section includes the following topics:

Downloading Software from Cisco.com

Upgrading Your Software

Downloading Software from Cisco.com

If you have a Cisco.com login, you can obtain software from the following website:

http://www.cisco.com/cisco/software/navigator.html

Upgrading Your Software

To upgrade to 8.0(5), see the "Managing Software, Licenses, and Configurations" chapter in the Cisco Security Appliance Command Line Configuration Guide:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html

Be sure to back up your configuration before upgrading.

System Requirements

The sections that follow list the system requirements for operating an adaptive security appliance. This section includes the following topics:

Memory Requirements

ASDM, SSM, and VPN Compatibility

Memory Requirements

The adaptive security appliance includes DRAM and an internal CompactFlash card. You can optionally use an external CompactFlash card as well. This section includes the following topics:

Standard DRAM and Internal Flash Memory

Memory Upgrade Kits

Viewing Flash Memory

DRAM, Flash Memory, and Failover

Standard DRAM and Internal Flash Memory

Table 1 lists the standard memory shipped with the adaptive security appliance.

Table 1 Standard Memory

ASA Model
Default DRAM (MB)
Default Internal Flash Memory (MB)

5505

256

128

5510

256

256

5520

512

256

5540

1024

256

5550

4096

512



Note If your adaptive security appliance has only 64 MB of internal CompactFlash (which shipped standard in the past), you should not store multiple system images, or multiple images of the new AnyConnect VPN client components, client/server plugins, or Cisco Secure Desktop.


Memory Upgrade Kits

The ASA 5510 DRAM upgrade kit is available from Cisco with the following part number:

ASA 5510 DRAM, 512 MB—ASA5510-MEM-512=

256 MB and 512 MB CompactFlash upgrades are available from Cisco with the following part numbers:

ASA 5500 Series CompactFlash, 256 MB—ASA5500-CF-256MB=

ASA 5500 Series CompactFlash, 512 MB—ASA5500-CF-512MB=

Viewing Flash Memory

You can check the size of internal flash and the amount of free flash memory on the adaptive security appliance by doing the following:

ASDM—Click Tools > File Management. The amounts of total and available flash memory appear on the bottom left in the pane.

CLI—In Privileged EXEC mode, enter the dir command. The amounts of total and available flash memory appear on the bottom of the output.

For example:

hostname # dir
Directory of disk0:/

43     -rwx  14358528    08:46:02 Feb 19 2007  cdisk.bin
136    -rwx  12456368    10:25:08 Feb 20 2007  asdmfile
58     -rwx  6342320     08:44:54 Feb 19 2007  asdm-600110.bin
61     -rwx  416354      11:50:58 Feb 07 2007  sslclient-win-1.1.3.173.pkg
62     -rwx  23689       08:48:04 Jan 30 2007  asa1_backup.cfg
66     -rwx  425         11:45:52 Dec 05 2006  anyconnect
70     -rwx  774         05:57:48 Nov 22 2006  cvcprofile.xml
71     -rwx  338         15:48:40 Nov 29 2006  tmpAsdmCustomization430406526
72     -rwx  32          09:35:40 Dec 08 2006  LOCAL-CA-SERVER.ser
73     -rwx  2205678     07:19:22 Jan 05 2007  vpn-win32-Release-2.0.0156-k9.pkg
74     -rwx  3380111     11:39:36 Feb 12 2007  securedesktop_asa_3_2_0_56.pkg

62881792 bytes total (3854336 bytes free)

hostname #

DRAM, Flash Memory, and Failover

In a failover configuration, the two units must have the same amount of DRAM. You do not have to have the same amount of flash memory. For more information, see the failover chapters in Cisco Security Appliance Command Line Configuration Guide.


Note If you use two units with different flash memory sizes, make sure that the unit with the smaller flash memory has enough space for the software images and configuration files.


ASDM, SSM, and VPN Compatibility

Table 2 lists information about ASDM, SSM, and VPN compatibility with the ASA 5500 series.

Table 2 ASDM, SSM, SSC, and VPN Compatibility

Application
Description

ASDM

ASA 5500 Version 8.0(5) requires ASDM Version 6.2(3) or later.

For information about ASDM requirements for other releases, see Cisco ASA 5500 Series and PIX 500 Series Security Appliance Hardware and Software Compatibility:

http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html

VPN

For the latest OS and browser test results, see the Supported VPN Platforms, Cisco ASA 5500 Series, Versions 8.0(2) to 8.1(1):

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html

SSM applications

For information about SSM application requirements, see Cisco ASA 5500 Series and PIX 500 Series Security Appliance Hardware and Software Compatibility:

http://www.cisco.com/en/US/docs/security/asa/compatibility/asamatrx.html


New Features

Released: November 3, 2009

Hi

Table 3 lists the new features for ASA Version 8.0(5)/ASDM Version 6.2(3).


Note Version 8.0(5) is not supported on the PIX security appliance.


Table 3 New Features for ASA Version 8.0(5)/ASDM Version 6.2(3) 

Feature
Description
Remote Access Features

Scalable Solutions for Waiting-to-Resume VPN Sessions

An administrator can now keep track of the number of users in the active state and can look at the statistics. The sessions that have been inactive for the longest time are marked as idle (and are automatically logged off) so that license capacity is not reached and new users can log in

The following ASDM screen was modified: Monitoring > VPN > VPN Statistics > Sessions.

Also available in Version 8.2(2).

Application Inspection Features
Enabling Call Set up Between H.323 Endpoints

You can enable call setup between H.323 endpoints when the Gatekeeper is inside the network. The adaptive security appliance includes options to open pinholes for calls based on the RegistrationRequest/RegistrationConfirm (RRQ/RCF) messages.

Because these RRQ/RCF messages are sent to and from the Gatekeeper, the calling endpoint's IP address is unknown and the security appliance opens a pinhole through source IP address/port 0/0. By default, this option is disabled.

The following ASDM screen was modified: Configuration > Firewall > Objects > Inspect Maps > H.323 > Details > State Checking.

Also available in Version 8.2(2).

Interface Features

In multiple context mode, auto-generated MAC addresses now use a user-configurable prefix, and other enhancements

The MAC address format was changed to allow use of a prefix, to use a fixed starting value (A2), and to use a different scheme for the primary and secondary unit MAC addresses in a failover pair.

The MAC addresess are also now persistent accross reloads.

The command parser now checks if auto-generation is enabled; if you want to also manually assign a MAC address, you cannot start the manual MAC address with A2.

The following ASDM screen was modified: Configuration > Context Management > Security Contexts.

Also available in Version 8.2(2).

High Availablility Features

No notifications when interfaces are brought up or brought down during a switchover event

To distinguish between link up/down transitions during normal operation from link up/down transitions during failover, no link up/link down traps are sent during a failover. Also, no syslog messages about link up/down transitions during failover are sent.

Also available in Version 8.2(2).

Routing Features

DHCP RFC compatibility (rfc3011, rfc3527) to resolve routing issues

This enhancement introduces adaptive security appliance support for DHCP RFCs 3011 (The IPv4 Subnet Selection Option) and 3527 (Link Selection Sub-option for the Relay Agent Information Option).

The following ASDM screen was modified: Remote Access VPN > Network Access > IPsec connection profiles > Add/Edit.

Also available in Version 8.2(2).

SSM Features

CSC 6.3 Support in ASDM

ASDM displays Web Reputation, User Group Policies, and User ID Settings in the Plus License listing on the main home page. CSC 6.3 security event enhancements are included, such as the new Web Reputation events and user and group identifications.


Open Caveats in Software Version 8.0(5)

The caveats listed in Table 4 are open in software Version 8.0(5). If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:

http://tools.cisco.com/Support/BugToolKit/

Table 4 Open Caveats in Version 8.0(5) 

Caveat ID
Description

CSCsu02296

ASA - show parser dump all crashes ASA

CSCsv02535

Crash at eip 0x0817a861 <output_context+97 at dbgtrace/dbgtrace.c:1145>

CSCsv07331

GROUP field in customization translation table not configurable

CSCsv26518

inspect sip fails after PPPoE session is reset

CSCsv73764

Unable to Browse to Domain Based DFS Namespaces

CSCsw22884

SNMP output for Active IKE SA's is a difference of 500

CSCsw46808

dACLs not deleted when client disconnects

CSCsw63637

TCP connections are not closed on the ASA after terminating Skinny calls

CSCsw70278

ASA Reloads with a Traceback in 'Dispatch Unit' with Phone Proxy

CSCsw79120

XDMCP server is inside of asa, xmanager client can't work well

CSCsw98373

Watchdog traceback in failover lu_rx thread during bulk sync

CSCsx13167

Umbrella bug to scrub code to see if dupb done by CP Proxy causes issues

CSCsx29692

"show parser dump exec" command causes traceback

CSCsx61920

ASA: XDMCP connection gets reset unexpectedly

CSCsx64778

show memory in a context shows incorrect memory usage

CSCsx76164

Traceback received after several days of operation

CSCsy10599

Radius Challenge not presented to anyconnect users at login

CSCsy21012

Resource limit reached for connections without saturation

CSCsy47472

ASA 8.0.4.24 traceback in Thread Name Dispatch Unit

CSCsy50676

Memory corruption and traceback in Thread Name: radius_rcv_auth (VPN)

CSCsy56403

ASA stops accepting IP from DHCP when DHCP Scope option is configured

CSCsy57838

5505 HWclient/LB - auth fail results in never ending connection attmpt

CSCsy89178

ASA - Unable to ping the backup interface used in SLA.

CSCsz04730

PIX/ASA: When route changes connections over IPSEC tunnel not torn down

CSCsz07757

ASA sends malformed DNS update request to external DHCP Server

CSCsz24243

VMWare thinapp applications don't work through SSLVPN

CSCsz44017

Crash when pinging public interface over tunnel using proxy

CSCsz48653

WARNING: The vlan id entered is not currently configured under any int

CSCsz62566

ASA 8.0(4) traceback in Dispatch Unit

CSCsz68727

PIX/ASA traceback in Thread Name: ssh

CSCsz77181

dcd option doesn't work correctly in set connection timeout

CSCsz89617

Memory leak in rt_delete and snp_nat_api_add_alias_policy

CSCsz92808

ASA: Memory leak when secure desktop is enabled

CSCta20344

DH group 5 freezes IKE processing for about 80ms

CSCta26079

Traceback in thread name Dispatch Unit

CSCta32012

WebVPN: traceback on primary causes failover to the secondary

CSCta43472

Enabling Capture Function Causes CPU Spike

CSCta45256

WebVPN group-url with a trailing "/" treated differently

CSCta45509

inspect-http: Crash in Dispatch Unit with HTTP inspect regex

CSCta46747

Traceback while executing show run after modifying the access-list

CSCta55031

GE Centricty application access and stability issues via WebVPN

CSCta72581

VPN username rejected when no sessions are active

CSCta78637

Secondary(Active) unit tracebacks in Thread Name: Dispatch Unit

CSCta79938

Standby ASA reloading because unable to allocate ha msg buffer

CSCta93567

Need better error message for VLAN Mapping for NEM Clients not supported

CSCta96306

clear crypto isakmp with high VPN load causes improper failover

CSCta98643

HTML may corrupt via WebVPN due to unnecessary escape for Shift-JIS

CSCtb05956

ASA memory leak one-time ntlm authentication

CSCtb06264

FO: data.xml file is not replicated when dap.xml file is on ASA

CSCtb18901

Some commands are executable when TACACS+ in timed mode is unreachable.

CSCtb45354

ASA traceback thread name dispatch unit, assertion calendar_queue.h

CSCtb47873

Clicking on the FOLLOW UP flag in the OWA gives an error

CSCtb53186

Duplicate ASP crypto table entry causes firewall to not encrypt traffic

CSCtb60070

Memory leak in snmp (MakeOID)

CSCtb60778

Traceback in 'ci/console' when Failing Over with Phone Proxy Configured

CSCtb64709

RRI Fails to Install Routes After Tunnel Flap

CSCtb64775

ACE added to ACL does not take effect

CSCtb67545

Framed-IP-Address missing from RADIUS Accounting Start/Stop records

CSCtb75086

Fragmented IKE Packets within IPSec tunnel dropped

CSCtb78514

Windows mobile not able to Connect to CUMA server

CSCtb93189

In clientless SSLVPN, go 'back' button causes 'page expired' error

CSCtb95721

Sip inspection doesn't inspect connections created by 302 moved messages

CSCtb98095

L2L tunnel to Microsoft Windows interrupted at 75% of ISKAMP lifetime

CSCtb98273

WebVPN Memory Leak

CSCtc06038

ASA crash in Thread Name: Unicorn Proxy Thread

CSCtc17317

Phone Proxy with SIP phone and outside nat creates 2 xlates per phone

CSCtc19251

Oracle IExpense links may get broken through WebVPN

CSCtc20079

child flows created via established cmd torn down when parent is removed

CSCtc27991

ASA crash in Thread Name: Unicorn Proxy Thread

CSCtc30025

PP: Incorrect Entry Installed in ASP Table for proxy-server command

CSCtc33398

DWA 8.5 navigation timeouts when accessed via Clientless WebVPN

CSCtc50080

ASA: Traceback in Thread Name: fover_parse

CSCtc55843

Traceback after config change over SSH session

CSCtc59462

traceback Thread Name: ssh (Old pc 0x08b4465b <npshim_read+187 at tcp/np

CSCtc61788

ASA with SSM-4GE stops sending OSPF hello's

CSCtc62281

when tcp-proxy buffer limit exceeded ASA generates misleading syslog

CSCtc70548

WebVPN: Cisco Port Forwarder ActiveX does not get updated automatically

CSCtc76943

Traceback in Thread Name: Dispatch Unit

CSCtc82010

vpnlb_thread traceback under low mem condition due to huge vpn acl

CSCtc90935

WebVPN RTCLI: ASA 5505 crash during config restoration from ASDM


Resolved Caveats in Software Version 8.0(5)

The caveats listed in Table 5 are resolved in software Version 8.0(5). If you are a registered Cisco.com user, view more information about each caveat using the Bug Toolkit at the following website:

http://tools.cisco.com/Support/BugToolKit/

Table 5 Resolved Caveats in Version 8.0(5) 

Caveat ID
Description

CSCeh26990

`asdm image' command added to config without user intervention

CSCsi27903

L2TP & NAC -> Default NAC policy prevents data from passing

CSCsj05862

Traceback in Thread Name: radius_snd

CSCsj40174

SIP CRLF keepalives stall TCP-based SIP connections

CSCsj43055

Increase CPU-hog syslog 711002 back to 100 ms by default

CSCsj43068

Make CPU hog more configurable (8.x)

CSCsj61214

Lower cpu-hog syslog 711002 from Level 7 to Level 4

CSCsk34121

Change unit pri/sec status messes up failover mac address

CSCsk40907

DAP: Increase DAP aggregation max lists lengths and make them dynamic

CSCsk89022

ASA traceback while removing dhcpd configuration.

CSCsl02630

WebVPN: Traceback in Thread Name: emweb/https

CSCsl04124

SIP does not support 'early RTCP'

CSCsl41515

ASA traceback in Dispatch Unit (Old pc 0x00223a67 ebp 0x018b12f8)

CSCsl72483

cipSecTunnelStop does not get generated when IPSec tunnel is down

CSCsl76976

HT: IPSec/TCP LB redirect fails to connect

CSCsm11264

When long url triggers syslog 304001 ASA stops sending syslogs to ASDM

CSCsm15079

ASA: 'vpn-idle-timeout none' behavior needs clarification

CSCsm20204

Extended ping command with no ip specified causes stuck thread

CSCsm24047

DNS query is sent out before cmd is completed when dns enabled

CSCsm36960

DAP: Error selecting any DAP records

CSCsm39914

match resp body length for http class-map doesnt take correct value

CSCsm40830

traceback netfs_thread_init

CSCsm81609

ASDM: users go to portal page instead of SVC starting automatically

CSCso33982

Change or replace CPU Hog syslog message

CSCso43608

snmpget of cicoMemoryPoolFree return free memory wrong in user context

CSCso66470

Failure of 4GE module stops failover from working

CSCso66911

ASA55x0 GE output stuck and underrun errors

CSCso80611

context using SSM app in promiscuous mode shows incorrect memory usage

CSCso84215

High CPU by using ASDM with "log asdm info" configured

CSCso93969

ASA mangling errors with certain webpages

CSCso95135

Zero-downtime upgrade from 7.2 not possible anymore after 8.0.3.10

CSCsq10022

High CPU when large number of VPN clients with per-user ACLs disconnect

CSCsq19457

ERROR: entry for address/mask = 0.0.0.0/0.0.0.0 may break webvpn or ASDM

CSCsq20042

'vpnclient enable' breaks 'aaa mac-exempt match'

CSCsq27110

Remove asdm location and group commands from startup config

CSCsq30162

TCP proxy needs global timeout for reassembled packets

CSCsq31399

Traceback in Thread Name: vpnfol_thread_msg when doing write standby

CSCsq34317

Without authproxy currently configured, authproxy DACLs may become stale

CSCsq34336

ASA: rate-limiting for encrypted s2s traffic not consistently handled

CSCsq39905

Traceback in IPsec message handler

CSCsq40777

ASA traceback when AIP module is reloaded

CSCsq43283

ASA traceback in thread webvpn_session_free

CSCsq43878

multi mode A/A failover write standby will see crypto CLI error in stby

CSCsq48636

High CPU when nameif/security level changed for new interface

CSCsq53127

DACL remain stale when when used with EzVPN NEM

CSCsq55969

"show parser dump all" causes Traceback in ci/console

CSCsq56045

SSO with Radius challenge/response - OTP is reused for internal sites

CSCsq61081

Intf monitoring table for ASDM history stats shows the wrong timestamp

CSCsq65437

ASA 8.0 does not correctly calculate TCP MSS for traffic to the box

CSCsq65580

set nat-t-disable does not override crypto isakmp nat-traversal

CSCsq68617

ASA5540 - High CPU during vpn auth if the AAA server is down

CSCsq73010

ASA 7.2.3.19 traceback in Thread Name: IKE Receiver

CSCsq74923

ASA - no support for auto update when used with webvpn on same int.

CSCsq77997

SSL VPN: Rewriting errors when caching enabled

CSCsq80095

PIX/ASA: Console gets frozen if user logs in during failover replication

CSCsq84093

PIX/ASA: Accounting packet shows "unknown" as username

CSCsq87422

"show failover" on PIX does not show monitored interfaces after upgrade

CSCsq87533

DHCP Client not receiving DHCP ACK during addr renewal with DHCP relay

CSCsq89467

Plugins cause java.io.IOException when web ACL is applied

CSCsq90760

Traceback in ci/console

CSCsq91271

IKE FSM for AM responder gets into bad state + error loop

CSCsq91277

ACL Misbehavior in Cisco ASA

CSCsr00298

Keepalive period for asdm_logging is too long

CSCsr01628

ASA5505 fails to process any packets until a show tech issued on console

CSCsr02395

copying config via tftp breaks through ipsec l2l tunnel

CSCsr04639

traceback after SSH connection close from ASA5550

CSCsr05453

ASA/PIX:CPU spike may be noticed when removing objects from object-group

CSCsr09436

FTP buffer logging queue not cleared when logging is disabled

CSCsr11242

ASA 8.0 - Standby unit stuck in Sync Config state after write standby

CSCsr11493

ASDM - read-only users receive "enter network password" popup

CSCsr17905

Slow memory leak due to crypto key generation

CSCsr21103

CUPS/CUPC fails through the ASA, msg size < 8K

CSCsr23204

ARP collision detected: Primary MAC used by both active and standby

CSCsr23628

ASA ignores webtype ACLs with "?" char in URL

CSCsr25122

Page fault in IP thread under high traffic load

CSCsr25353

Scanning threat-detection reports incorrect victim subnets

CSCsr29027

Traceback in thread name Checkheaps related to WebVPN

CSCsr32004

ASA may crash after processing certain malformeded EIGRPpackets

CSCsr32208

Active firewall fails to replicate any ICMP connections to standby

CSCsr39311

CM SIP Trunk call failures due to ASA closing connection by inspection

CSCsr39880

Insert and removal of compact flash may result in system hang

CSCsr40409

WebVPN: Group-URL feature fails when connection profile name has spaces

CSCsr41534

ASA may traceback with Thread Name: emweb/https

CSCsr41868

Cisco ASA w/ VPN- Array index out of bounds Software Failure

CSCsr46157

Traceback when 'no nameif' executed under an interface

CSCsr46385

ASA needs to support host ACE Entries for Multicast RP mapping

CSCsr47319

vpn-sessiondb data counters for webvpn sessions incorrect

CSCsr47881

Out of 80 byte blocks leads to Flow closed by inspection with TLS-Proxy

CSCsr50655

asa traceback in dispatch unit

CSCsr53737

AnyConnect sessions dropped when Failover occurs with HostScan

CSCsr56975

Traceback while executing the "ddns update hostname xxxx" command

CSCsr57537

ASA Impossible to send mail with OWA when using CSC and WebVPN

CSCsr58672

CPU hog in nat module when acls are added

CSCsr59417

Port Forwarding Fails Intermittently due to DNS

CSCsr60908

WebVPN CIFS failing with STATUS_NO_LOGON_SERVERS

CSCsr62405

reload occurs when url-server is unavailable and using udp transport

CSCsr63074

DPD not sent when peer is dead & tunnel not idle on s2s with 7.2.4

CSCsr63082

SSL VPN: link adds two extra slashes cifs:// to \\server\share/filename

CSCsr64970

ASA big dap.xml file partially replicated in failover

CSCsr65102

ASA 8.0.3.12 Traceback in Thread: aaa

CSCsr65235

Samba authentication failure - CIFS implementation is case insensitive

CSCsr65574

Memory leak in AAA [ eap proxy ]

CSCsr66402

Tracebacks on standby unit (Thread Name: lu_rx)

CSCsr67861

WebVPN: Can not open custom profile "webfo" (a nil value)

CSCsr68455

CPU spike when deleteing IKE SA with VPN-Filters

CSCsr71069

ASA - OSPF over IPSEC over PPPoe connection not working correctly

CSCsr73107

Pix traceback fover_parse page fault in route processing

CSCsr74265

ASA crypto HW error when trying to fragment small IP packet

CSCsr74439

PIX/ASA: Certain malformed NAT-T packets may cause IKE process to hang

CSCsr75077

Fallback case fails when OCSP revocation check configured

CSCsr81712

Memory leak with inspection IM enabled

CSCsr84465

Backup option in ASDM causes traceback on secondary unit with failover

CSCsr84998

SSL VPN: CSD tokens not cleaned up correctly

CSCsr85574

Fix for CSCsd37075 (cl39781) lost in napa/main

CSCsr91721

FOVER: Error trying to delete acl when used as a network-acl in DAP

CSCsr96463

ASA denial of service on dhcp server

CSCsr98211

Smart tunnel connections remain active indefinitely after user's session

CSCsr98736

5505 crash with 256 MB memory

CSCsu00068

IP packets being dropped due to invalid IP header;bad checksum

CSCsu00218

ASA 8.0(4) WEBVPN: Web-Type ACL incorrectly denies traffic with DAP

CSCsu00534

assert failure causes checkheaps to detect memory corrpution with AAA

CSCsu00947

Webvpn: RDP plugin: Ignore geometry if FullScreen parameter is present.

CSCsu01332

PIX 6.x to 7.x upgrade removes nonegotiate from interface

CSCsu02317

ASA strips domain in RADIUS accounting packet

CSCsu02718

snmp get-next-request incorrect value IP-MIB::ipAdEntAddr from standby

CSCsu03240

snmpgetnext not responding properly for cfwBufferStatValue OID

CSCsu04547

Radius Challenge Message include <tag> make anyconnect fail

CSCsu05551

brief outage re-establishing failover link/state in active/active mode

CSCsu06543

Proxy auth when in RSA Next-Token-Mode fails 50% of the redirection

CSCsu08061

ASA:RRI:Routes incorrectly deleted when split-tunneling enabled

CSCsu11361

phone proxy: deleted phone continues to use license for some time

CSCsu11575

Cisco ASA may reload after receiving certain IPv6 packets

CSCsu21846

smart tunnel fail behind proxy server

CSCsu22504

PP: w/ names configured, FQDN for CUCMs, no app-redirect rules created

CSCsu23121

Cannot access CIFS shares based on "name" commands

CSCsu26592

ASA 7.2: FO replication not working for dACL with wildcard netmask

CSCsu26649

Large packets dropped with ip-comp enable configured

CSCsu27158

Traceback in Unicorn Proxy Thread (Old pc <fiber_yield+92 )

CSCsu27257

"show asp table classify" doesn't show WCCP domain

CSCsu27564

File browsing fails when using client certificate

CSCsu37362

http inspection shouldn't reset for protocol-violation if not configured

CSCsu37451

"Interface number is -1" and no incoming traffic for a vlan interface

CSCsu38259

ASP Classify Table for WCCP not Updated on Service Port Change from CE

CSCsu38292

interface Virtual254 appears in show interface output

CSCsu38385

Debug webvpn javascript trace user not disabled by undebug all

CSCsu39077

Translation table webvpn.po has no entry password and verify password.

CSCsu40015

management-only cmd not synced. when m0/0 configured for failover

CSCsu40029

ASA standby continually reloads

CSCsu41224

Traceback in Thread Name: CMGR Server Process

CSCsu43121

Traceback: Long IKE attributes can cause buffer overrun

CSCsu44453

HT: ASDM Handler gives 503 Service Unavailable because resource limit

CSCsu44598

SQLNet inspection closes flow

CSCsu46588

Heuristic based scanners report smart tunnel as malware

CSCsu47981

Failover of VPN connections not working with FIPS enabled

CSCsu48860

traceback eip 0x08c4cab2 log_to_servers+1426 at /slib/include/channel.h

CSCsu50074

Traceback in Thread Name: IPsec message handler

CSCsu52268

SSH won't work to interface with ip address assigned via DHCP

CSCsu55642

redundant interface switchover in transparent mode not stable

CSCsu56483

Extend show ak47 to display per pool and per block information

CSCsu58733

L2TP IPSec ASA send ESP packet with using old SA pair

CSCsu59140

Access-lists that use "interface" may not work if i/f changes

CSCsu62782

VPN traffic gets dropped after rekey w/ multiple cry seq# for same peer

CSCsu63101

ASA pushes reversed mask and gw if dhcp-network-scope is in the GP

CSCsu63272

reload after issuing show crypto ipsec sa, related to anti-replay

CSCsu63887

show conn shows incorrect flags : outbound conns have B flag set

CSCsu65118

ASA: Traceback in Thread Name: ssh

CSCsu65383

QOS: L2L Police will not pass traffic

CSCsu65735

ASA may allow authentication of an invalid username

CSCsu66300

WebVPN CIFS bookmarks causes memory leak requiring a reboot

CSCsu67417

Radius accounting request fails on ASA if we have many radius attributes

CSCsu68795

Redundant interface goes down after ASA resets

CSCsu69083

Incorrect Entry Installed in ASP Table for inbound TFTP by Phone Proxy

CSCsu69765

ASA nat command with VPN LB is lost after reload

CSCsu70539

ASA5505 hangs while booting 8.0.4 at mfg

CSCsu70543

ASA: LDAP doesn't do searchRequest for user if there is an "\" in cert

CSCsu71696

Traceback in netfs_thread_init: Page fault: Address not mapped

CSCsu72509

SSH fails after multiple failovers

CSCsu72519

TD shuns UDP senders on standby ASA due to null-udp-session timeout

CSCsu73112

Traceback on standby ASA 5580 running 8.1.1.9

CSCsu73337

WebVPN: POST Plugin fails if no URL list defined

CSCsu75735

ASA 8.0.4 smart tunnel with auto-sign on sends wrong password to weburl.

CSCsu76101

Traceback in thread name Dispatch Unit

CSCsu77167

WebVPN: Group-URL fails with non default webvpn port

CSCsu77535

'error contacting host' accessing CIFS shares, occurs after 24 days

CSCsu77600

WEBVPN RDP plugin window keys are incorrect. Shift (key) .jar

CSCsu79355

ASA: Isakmp SA not built out backup interface when route changes

CSCsu84438

WEBVPN CIFS: Must have at least dir list access when mounting subfolders

CSCsu85188

ASA 7.2.4.15 traceback at Thread Name: IKE Daemon

CSCsu88174

Traceback in failover synchronization

CSCsu88302

When global PAT pools exhausted FTP data connections might fail

CSCsu88534

Filtering applied to all dest. ports upon creation of a new intf

CSCsu88855

NTLMv2 auth no longer working for CIFS

CSCsu89923

RRI injects routes when not configured to

CSCsu90653

ASA: Disabling Isakmp User Auth Causes Webvpn Authentication to Fail

CSCsu93506

Traceback in Thread Name: Dispatch Unit

CSCsu95114

ASA DHCP Relay Sourcing DHCP unicast msgs on udp 68 instead of udp 67

CSCsu96044

Underruns counter for InternalData0/0 on 5505 never increments

CSCsu97211

Traceback after configuring GTP inspection in second class

CSCsu97665

L2TP: Mac Group Name option is failing: SA Proposals Unacceptable

CSCsu97825

L2TP/IPSec with vpn-filters in group-policy misbehave

CSCsu98502

'show threat-detection' commands might trigger traceback of ASA

CSCsu99482

ASA differs from concentrator group and user dACL merge behavior

CSCsv01270

PIX memory stats through SNMP are incorrect

CSCsv02380

CSD's data.xml corrupted after upgrade

CSCsv02768

TCP connections getting stuck in FINWAIT1 state

CSCsv03262

Unavailable tacacs doesn't trigger fallback to LOCAL authentication

CSCsv07104

clientless webvpn /smart tunnels usage triggers 256 byte block leak

CSCsv10354

ASA doesn't send client hostname to DHCP server for L2TP/IPSec clients

CSCsv10655

Traceback when Updating L2TP Username

CSCsv11062

Redistribute Command Does Not Check the Route-Map for Existence

CSCsv11650

mroute parsed incorrectly at startup when names used

CSCsv13115

PIX/ASA - "sh memory" gives inaccurate memory info

CSCsv16326

'mac-address auto' causes interfaces to fail

CSCsv16410

Incorrect routing for EIGRP with redundant interfaces

CSCsv19091

fragmented mcast forwarding broken when NAT is involved

CSCsv21224

ASA process invalid OSPF MD5 sequence numbers

CSCsv28360

SSH/Telnet are not started on Standby Unit

CSCsv28869

HTTP server should send Last-Modified header field for .jnlp files

CSCsv32284

smart-tunnel command corrupting config when removed from DfltGrpPolicy

CSCsv33663

Memory leak at tm_job_list_t and p3_tree_t on clear conf all

CSCsv34429

Unable to configure ntp server when static PAT for UDP/123 is configured

CSCsv36948

CIFS access to Win2008 server via IP address is not working.

CSCsv39815

DAP: Bookmark URL list is not being concatenated

CSCsv40504

Telnet connection permitted to lowest security level interface

CSCsv42185

Suspected double free resulting in 5580 traceback

CSCsv42924

Traceback in ' Dispatch Unit' on ASA with AIP-SSM in Inline Mode

CSCsv42964

TD scanning-threat does not pick up the correct rate threshold in syslog

CSCsv43219

Traceback in Ike Daemon Thread

CSCsv43401

cifs browsing fails when accessing any folders under Japanese folder

CSCsv43552

Radius accounting request fails on ASA if we have many radius attributes

CSCsv44072

Traceback in Thread Name: IP Address Assign

CSCsv47296

sharepoint 2007:excel2003: upload file, edit, then opened does not open

CSCsv52169

Traceback at thread name PIX Garbage Collector

CSCsv52239

ASA may traceback with certain HTTP packets

CSCsv52800

Traceback in Dispatch Unit when phones re-register with different IP

CSCsv54122

ASA transparent mode: broadcast ARP reflected on same interface

CSCsv54421

Traceback occurs when using DH group 7

CSCsv57765

Traceback in Thread Dispatch Unit with SIP and possible IPv6 address

CSCsv59046

Traceback in Unicorn Proxy Thread, abort: watchdog failure

CSCsv59883

ASA5510 Traceback when VPN timeout set to maximum

CSCsv59898

ASA 8.0.4 - Shunned hosts do not time out on standby

CSCsv63354

ASA 8.0.4.x - IPsec tunnel encaps get frozen after 500Mb of traffic

CSCsv65244

SSL VPN:Incorrect mangling of URLs starting with \\, like \\test-winc

CSCsv65768

Webvpn memory leak in ramfs-blocks

CSCsv65950

rri route disappearing after phase 2 rekey for dynamic l2l tunnel

CSCsv65986

Smart Tunnel Enhancement: inform users when Smart Tunnel starts

CSCsv66510

Smart Tunnel on Mac Leopard 10.5.x failing

CSCsv71282

Numerous CPU-hogs in vpnfol_thread_timer

CSCsv71555

Traceback on ASA during configuration of h323 inspection

CSCsv76871

ASA may reload with traceback in thread name: vpnlb_thread

CSCsv77900

ASA/PIX may reload with traceback in thread: Dispatch Unit (IPSEC CTCP)

CSCsv78079

Assertion on transferring file in inbound ftp session

CSCsv80536

ASA/PIX displays inconsistent value for 'Configuration last modified'

CSCsv81200

SQLNET transfer fails due to TCP proxy dropping unsupported TDS frames

CSCsv83232

Redundant ASA-507003 Syslog Printed for Denies by URL Filtering

CSCsv86200

ASA 8.0.4.7 Traceback in Thread Name: tmatch compile thread

CSCsv86408

Phone Proxy: packet re-ordering and delay causes popping sound in call

CSCsv87869

Assert due to access of stale data during cert authentication.

CSCsv89645

ASA 8.04 - certificate chain not being sent when configured w/ IPSEC RA

CSCsv89678

80-byte Block Exhaustion in EIGRP with Phone Proxy Configured

CSCsv89730

Trraceback when zonelabs-integrity server interface inside is configured

CSCsv91391

L2TP with EAP auth stuck [%ASA-4-403102 - authentication pending]

CSCsv91564

Multiple certificates are installed to one trustpoint when importing.

CSCsv91797

Nested Traceback: addressable memory check problem

CSCsv94394

Group-policy selected for the user is not passed to DAP properly

CSCsv94599

ASA5550 reloads in tmatch_compile thread on tmatch_element_release

CSCsv95555

ASA may fail to send an ARP reply to zero-sourced request

CSCsv97790

Traceback: IKE Daemon (Old pc 0x0845712b <IkeDaemon+171>

CSCsv97892

Traceback with Thread Name: IKE Daemon

CSCsw14645

Unable to browse DFS share throught webvpn when DFS replication is used.

CSCsw14926

Traceback: Thread Name: IP Thread

CSCsw16801

first login attempt fails if TACACS+ server behind IPSEC tunnel

CSCsw18184

Ethertype ACL with multiple remarks causes traceback

CSCsw19588

Standby console freezes if user logs in prior to detecting mate

CSCsw20027

JavaScript and Flash rewriter may leak memory

CSCsw24890

Wildcard in WebType ACL does not recognize special characters

CSCsw25253

ssl vpn related memory corruption causes traceback

CSCsw25955

ASA ignores vpn-group-policy under username attributes

CSCsw28388

ASA 8.04 - memory leak in DMA crypto free memory

CSCsw30301

Undefined message in AnyConnect page on WebVPN.

CSCsw31799

ASA traceback in thread Checkheaps due to tacplus_snd stack overflow

CSCsw32254

Traceback in 'ddns_dynamic_update_process' Thread

CSCsw33175

Route-map to redistribute OSPF into EIGRP does not take effect

CSCsw36505

ASA 5505 SVI goes down even though an active port exists in the vlan

CSCsw37504

ISAKMP delayed when processing large CRL files

CSCsw41161

PMTUD - ICMP type 3 code 4 generated for GRE flow is dropped 313005

CSCsw43719

AnyConnect standalone group-url:Password should be Passcode

CSCsw44081

Shut down Sub-Interface processes packets

CSCsw45716

RDP plugin not started with Java

CSCsw45739

rdp-plugin JAVA session does not have the "home" or "logout" buttons

CSCsw46571

ASA traceback in Thread Name: Unicorn Proxy Thread

CSCsw46589

Crash when phone configured for authenticated security mode registers

CSCsw47441

Java Applet Signing Error..plugins still use old expired certificate

CSCsw48687

Telnet and SSH bookmarks greyed out

CSCsw49953

custom dns group is ignored in WebVPN searches - error contacting host

CSCsw51590

ASA/PIX may experience memory leak related to WebVPN (Chunkstat)

CSCsw51809

sqlnet traffic causes traceback with inspection configured

CSCsw61870

ASA not trying next DNS server when receiving rcode 2 (Server Failure)

CSCsw63453

"Error Contacting Host" when accessing CIFS shares with spaces

CSCsw65973

AnyConnect prompt for user/pass after Smartcard cert authentication

CSCsw67405

Traceback occured logging off 1000's Linux AC client sessions

CSCsw67427

ASA memory leak related to cert auth w/ webvpn

CSCsw67810

user-storage can't login in 8.0.4.18:Unable to create session directory

CSCsw68344

Unable to Delete IPv4 Access-list

CSCsw69862

EZVPN with Autoconnect in NEM mode fails during rekey

CSCsw70329

Remote access vpn unable to est after failover with DHCP assigned addr

CSCsw70786

SACK is dropped when TCP inspection engines are used

CSCsw73355

Incorrect amount of memory displayed in the "show memory detail" output

CSCsw75854

WebVPN: unmangled requests on ESS module of SAP

CSCsw76595

PP: phone cannot register when configured as Authenticated on UCM

CSCsw77033

SSL VPN: Java-rewriter: memory leak implicating WebVPN

CSCsw79486

AAA: ASA is not responding in time when wrong credentials are supplied

CSCsw83282

Watchdog failure in fover_FSM_thread

CSCsw88037

Traceback in IKE Daemon (Old pc 0x080f3c55 <ctm_wait_for_synchronous_com

CSCsw90161

Traceback on Standby after excuting "show vpn session remote"

CSCsw90717

ASA phone Proxy reboots unexpectedly

CSCsw91072

Identity cert being imported without errors, if conflicting with CA cert

CSCsw91497

Multicontext Transparent firewall with ASR groups sets wrong Dest-MAC

CSCsx03234

ASA automatically restarting after receiving OCSP response

CSCsx03294

1550 block leaks leading active ASA to reload

CSCsx03473

ASA traceback in Thread Name: netfs_thread_init

CSCsx03746

"threat-detection statistics host" disappears

CSCsx04881

Webvpn bookmark redirects to webvpn logout page

CSCsx05766

Smart tunnel'ed bookmark does not load with Java 6 update 10 onwards

CSCsx07091

PIX/ASA LDAP authentication doesn't work over tunnel

CSCsx07146

LDAP: watchdog reload while doing large AD Group list retrieval

CSCsx07862

Traffic shaping with priority queueing causes packet delay and drops

CSCsx08270

PP: Explicit ACL deny will cause secure phones to fail registration

CSCsx08291

IPv6:Cannot launch ASDM using ipv6 address

CSCsx15055

set nat-t-disable in crypto map does not override global nat-t config

CSCsx15589

"revocation check ocsp none" does not reject revoked certificates

CSCsx16147

Traceback in Thread Name: fover_parse

CSCsx19947

IGMP Join fails on subinterface after upgrade to 8.1(2)

CSCsx20038

Wrong counters in "show int" for Redundant interface

CSCsx22842

PPPoE re-negotiation does not start after short disconnect

CSCsx23387

Recoverable crash condition within aware http server

CSCsx23611

VPN: TCP traffic allowed on any port with management-access enabled.

CSCsx25628

%PIX|ASA-3-713128 should be logged as a lower level message

CSCsx26252

Smart Tunnel CLI cannot be removed

CSCsx26947

ASA: Password-Expiry fails for anyconnect when authorization is enabled

CSCsx27851

Entering interface ? from cmd specific config mode returns to global cfg

CSCsx27861

Both ASAs are active when FO interfaces are directly connected

CSCsx29872

SSL VPN: Script Errors When Accessing DWA 8.0.2

CSCsx30193

Failover slow to switchover when LAN interface connected with crossover

CSCsx31333

Spaces in DAP record name should be allowed

CSCsx32675

Crafted H323 packet may cause ASA to reload

CSCsx34892

SNMP traps for certain contexts not generated

CSCsx35351

ASA 5505 ezvpn may leak memory due to startup errors

CSCsx35373

ASA may traceback with Thread Name: emweb/https

CSCsx38647

EIGRP: stops redistributing static routes after interface shut/no shut

CSCsx40616

Citrix not working in 8.0.4.22

CSCsx42122

ASA/CSD - certificate mapping does not work if CSD is enabled

CSCsx42142

static route: ASA should not accept static multicast routes

CSCsx43658

WebVPN CIFS: uploading files fails sometimes to HomeServer

CSCsx47427

SSO with internal password fails after a password change

CSCsx47543

AAA account-override-ignore allows VPN session without correct password

CSCsx49794

WebVPN: RDP Plugin does not work with ActiveX with large cert chain

CSCsx50318

OCSP revocation stops working after some time on Cisco ASA

CSCsx50721

Anyconnect unable to establish DTLS tunnel if ASA IP address change

CSCsx50884

Adding shared interface to second context stops traffic to 1st context

CSCsx52598

No focus on 'More information required' radius challenge/response page

CSCsx53529

Traceback on telnet/ci from "show nat" command

CSCsx54449

ASA may processe LDAP password policy with no password-management

CSCsx54893

CSD: Unable to run smart-tunnel inside "browser only" vault

CSCsx57142

SIP Inspection Doesn't NAT Call-info field in SIP Notify message

CSCsx58682

ASA Local CA and caSe SenSiTiviTy - p12 file vs. username conflict

CSCsx59014

ASA allows VPN user although Zonelabs Integrity firewall rejects

CSCsx59403

Automatically added AAA command break ASA5505EasyVPN client after reboot

CSCsx59746

Tacacs Command Accounting does not send packet for 'nat-control'

CSCsx61755

aaa Page fault: Invalid permission when box is under moderate stress

CSCsx64741

Page fault: Address not mapped with telnet traffic. eip and cr2 = 0

CSCsx64804

CIFS URI cutoff after 15 characters

CSCsx68049

ASA - High CPU by function "branch_height" from CPU profile

CSCsx68765

VMWARE web applications (view/vdm) do not work with smart-tunnel

CSCsx70559

TCP Proxy drops the keepalives ACK sent on H225 conn, call gets dropped

CSCsx72410

Traceback in thread name Dispatch Unit

CSCsx76473

CSD: Group-url fails in Vault.

CSCsx77780

Adding shared interface to second context stops traffic to 1st context

CSCsx79918

Crypto CA limited to 65536 requests

CSCsx81472

ASA might automatically restart after issuing 'show vpdn'

CSCsx81722

ASA 8.0.4 traceback in Thread Name: IKE Daemon

CSCsx83353

WCCP Service Ports Missing in ASP Table when Adding Redirect ACL Entry

CSCsx94330

AC with CSD and DAP for Posture Assement matches wrong DAP Policy

CSCsx94849

Unpredictable behavior after failover w/shortest timeout conf.

CSCsx95377

Adding host to http access results in Could not start Admin error

CSCsx97569

PIX/ASA traceback with Thread Name: CMGR Server Process

CSCsy03579

Standby ASA traceback after becoming active, EIP snp_fp_inspect_dns+42

CSCsy04974

Syslog 113019 Disconnect reason not working

CSCsy07794

Webvpn error recovery events caused by improper error handling

CSCsy08778

no pim on one subif disables eigrp on same physical of 4 ge module

CSCsy08905

process_create corrupt ListQ memory when MAX_THREAD is exceeded

CSCsy10473

ASA Improve RADIUS accounting disconnect codes for vpn client

CSCsy10830

Proper handling of robots.txt on Cisco ASA SSLVPN

CSCsy13488

DDNS: A RR update fails if cache entry exists in show dns-host

CSCsy14672

ASA might automatically restart in Thread Name: ppp_timer_thread

CSCsy16175

crash in ci/console thread while adding large acl in multi-mode

CSCsy16595

The ASA traceback intermittent in IPSec

CSCsy17783

Large CRLs freeze processing on the ASA for extended time periods

CSCsy20002

File upload causes hang without recovery

CSCsy21333

Traceback in Thread Name: aaa when using Anyconnect with certificate

CSCsy21727

Failover pair is not able to sync config and stuck in Sync Config state

CSCsy22484

Cisco ASA may traceback after processing certain TCP packets

CSCsy23275

Smart Tunnels and POST parameters should be interoperable

CSCsy25908

ASA 8.2 Beta does not work with /31 subnet on failover interface config

CSCsy26775

Traceback while refreshing CRL

CSCsy27395

qos: traceback in thread name: ssh, eip mqc_get_blt_def

CSCsy27547

Using phone-proxy got assertion "ip.ip_version == IP_VERSION_4"

CSCsy28792

ESMTP inspection drops DKIM signatured emails with content-type

CSCsy28853

inspect-mgcp: call-agent name and gateway name disappears after a reboot

CSCsy29949

WebVPN: slow response with CGI scripts

CSCsy30717

Keepalive not processed correctly thru TCP Proxy

CSCsy31955

Incorrect severity for ASA syslog message 106102

CSCsy44823

WebVPN: Smart Tunneled bookmark on Mac with Safari fails with ACL

CSCsy47819

Traceback occurs when 5505 HwClient connects - password-management used

CSCsy47993

Names not supported in EIGRP summary-address command

CSCsy48107

"clear crypto ipsec sa entry" command doesnt seem to work

CSCsy48250

"clear crypto ipsec sa entry" command doesnt work

CSCsy48816

webvpn cifs unc url doesn't work

CSCsy49823

Interface fails to pass traffic because soft-np shows interface as down

CSCsy49841

ASA Traceback in Thread fover_FSM_thread with A/A FO testing

CSCsy50018

Lua recovery errors observed during boot in multiple-context mode

CSCsy50113

traceback in Dispatch Unit: Page fault: Address not mapped

CSCsy50428

page fault while adding/enrolling users to Local CA w/script

CSCsy53263

Tacacs connection match accounting does not display port information

CSCsy53387

" crypto map does not hole match" message pops up during conditon debug

CSCsy55762

Memory leak in 72 / 80 / 192 bytes memory blocks [ tmatch]

CSCsy56570

Redundant interface as failover link lose peer route after reload

CSCsy56739

Traceback on standby while processing write memory if context is removed

CSCsy57872

Unable to SSH over remote access VPN (telnet, asdm working)

CSCsy59225

FW sends rst ack for tcp packet with L2 multicast mac not destined to it

CSCsy60403

SSL rekey fails for AnyConnect when using client-cert authentication

CSCsy64028

WebVPN: NTLM authentication does not work on a cu server

CSCsy65734

ASA: traceback with thread name "email client"

CSCsy71401

Traceback when editing object-group

CSCsy72423

WebVPN: ASA sends a bad If-Modified-Since header

CSCsy75345

subintefaces on 4ge-ssm ports fail with mac-address auto and failover

CSCsy75720

asdm does not connect to secondary on failover

CSCsy75800

Shared int Mac add auto reload primary there will be some packet loss

CSCsy76537

Issue with RTP Pinhole timeout

CSCsy77628

the procedure of copying a file from ramfs to flash should be atomic

CSCsy80242

ASA: LDAP Password-expiry with Group-Lock locks users out

CSCsy80694

ASA's DOM wrapper issue- Clientless XSS

CSCsy80705

ASA WebVPN HTTP server issue-XSS

CSCsy80709

WebVPN FTP and CIFS issue

CSCsy80716

WebVPN: full customization disables dap message

CSCsy81426

Sip inspection is dropping ftp secondary connection on port 5060

CSCsy82093

XSS via Host: header in WebVPN Request.

CSCsy82188

WebVPN: ASA can't support IP/mask based NTLM SSO consistently

CSCsy82260

ASA fails to redirect traffic to WCCP cache server

CSCsy83043

Redundant interface is down if any member is down at boot

CSCsy83106

Unable to add member interface to Redundant Interface

CSCsy84268

AIP-SSM stays in Unresponsive state after momentary voltage drop

CSCsy85642

websense restriction access page does not display

CSCsy85759

Remove "Server:" directive from SSL replies when CSD enabled

CSCsy86769

ASA5505 should not allow pkts to go thru prior to loading config

CSCsy86795

ASA - Log messages for all subinterfaces seen when adding just one vlan

CSCsy87867

ASA inspect pptp does not alter Call ID in inbound Set-Link-info packets

CSCsy88084

Smart Tunnel failing on MAC 10.5.6 with Firefox 2 and Safari

CSCsy88174

ESMTP inspection "match MIME filetype" matches on file content as well

CSCsy88238

Memory leak in Webvpn related to CIFS

CSCsy90150

ASA doesn't properly handle large SubjectAltName field - UPN parse fails

CSCsy91142

Using name aliases for the interface will cause vpn lb to break

CSCsy92661

Traceback in Thread Name: Dispatch Unit (Old pc 0x081727e4 ebp 0xaad3cd1

CSCsy93180

DWA 8.5: Unable to send an e-mail with attachment.

CSCsy96753

WebVPN Flash rewriter may not clean up all temporary files

CSCsy97437

SNMP community string not hidden in 'show startup' or 'show conf'

CSCsy98446

Memory leaked when matching tunnel group based on URL

CSCsy98584

Traceback on Thread Name: AAA due to downloadable ACL processing

CSCsy98662

Access-list allows port ranges with start-port greater than end-port

CSCsy99063

traceback Thread Name: fover_tx after multiple SSH to active unit

CSCsz01314

ASA/PIX crashes in ci/console after sh crypto ipsec sa

CSCsz02807

Logging standby can create logging loop with syslogs 418001 and 106016

CSCsz02849

Long delay before standby becomes active if unit holdtime misconfigured

CSCsz06329

Unexpect Syslog: No SPI to identify Phase 2 SA

CSCsz06748

ASA traceback in inspect Skinny

CSCsz10339

console hangs for extended period of time when config-url is applied

CSCsz11180

TCP Proxy mis-calculates TCP window causing connectivity problems

CSCsz11835

ASA intermittently drops traffic for authenticated users w/auth-proxy

CSCsz12009

Traceback: 8.0.4.29 with cTCP and failover

CSCsz12600

SSH script running 'show vpn-sessiondb full remote' causes memory leak

CSCsz17027

L2TP: DACL w/ Wildcard Mask not applied to L2TP over IPSec Clients

CSCsz18759

Certificate mapping does not override the group chosen by URL

CSCsz20830

webpage showing missing content.

CSCsz22256

ASA disconnects IPSec VPN client at P2 rekey with vlan mapping in grppol

CSCsz26471

CRL request failure for Local CA server after exporting and importing

CSCsz29041

ASA: If CA cert import fails will delete id cert under same trustpoint

CSCsz32125

Remove ability to add WebVPN group-alias with non-English chars via CLI

CSCsz32354

Traceback in thread SSH related to using help in policy-map config mode

CSCsz33877

traceback in schedctl_start - clientless/FO/LOCAL aaa

CSCsz34273

PIX/ASA don't generate syslog 305005 on nat-rpf-failed counter increase

CSCsz34300

acl-netmask-convert auto-detect cannot convert wildcard mask of 0.0.0.0

CSCsz34811

Session MIB to mirror sh vpn-sessiondb summary doesn't show proper info

CSCsz35484

Failover pair with CSC-SSM: High CPU usage by SSM Accounting Thread

CSCsz36816

OCSP connection failures leaks tcp socket causing sockets to fail

CSCsz37164

"vpn-simultaneous-logins 0" does not prevent user access in all cases

CSCsz37492

traceback eip 0x09307337 <mem_get_owner+55 at slib/malloc.c:5785>

CSCsz37495

Customization editor: wrong URL of Save icon (text link is OK)

CSCsz38884

ASA SSLVPN: Error contacting hosts when auto-signon configured

CSCsz39438

Floating toolbar missing for ARWeb (Remedy) via clientless WebVPN

CSCsz40743

Reseting the AIP module may cause the ASA to reload with a traceback

CSCsz42003

ASA 5510 traceback with skinny inspection and phone proxy

CSCsz43374

AC re-directed to IP address instead of hostname causes cert error

CSCsz43608

Anyconnect fails to launch if interface ip address is mapped to a name

CSCsz43748

Port Forwarding creates memory leak

CSCsz44078

Traceback in capture when adding a dataplane match command

CSCsz48558

PIX/ASA: L2L RRI routes removed after failover when using originate-only

CSCsz52448

WebVPN: RDP plug-in SSO fails.

CSCsz52937

ASA traceback in Thread Name: Dispatch Unit with TCP intercept

CSCsz53474

1550 Block Depletions leading to unresponsiveness

CSCsz55620

WebVPN: Specific RSS feed give blank page

CSCsz58391

Burst Traffic causes underrun when QoS shaping is enabled on ASA

CSCsz59196

Webvpn ACL that permits on tcp with no range does not work using DAP

CSCsz60119

Traceroute makes configuration change from "no names" to "names".

CSCsz61074

ASA should reject unuseable ip pool config

CSCsz62364

ASA5580 snmpget will not provide output for certain OIDs

CSCsz63008

Memory leak in 72 / 80 bytes memory blocks [ tmatch]

CSCsz63217

Stateful Failover looses connections following link down

CSCsz67729

IP address in RTSP Reply packet payload not translated

CSCsz70541

Smart Tunnels and POST params should support "\" in the username

CSCsz70555

WebVPN: ST on Mac should popup the tunneled application when started

CSCsz70906

IPsec/TCP fails due to corrupt SYN+ACK from ASA when SYN has TCP options

CSCsz72175

CSD: flash:/sdesktop/data.xml file gets truncated when it is > 64kB

CSCsz72351

L2TP with EAP auth stuck [%ASA-4-403102 - authentication pending]

CSCsz72684

Traceback on Standby unit during configuration sync

CSCsz72810

InCorectly added "Host Scan File Check e.g 'C:\' " breaks DAP Policies

CSCsz73096

vpn-sessiondb : Address sorting is incorrect

CSCsz73387

DAP dap.xml file corrupt after replication

CSCsz75451

ASA 8.2.1 reloads in "ldap_client_thread" on "Get AD Groups" via ASDM

CSCsz76191

WebVPN: IE shows secure/unsecure items messages

CSCsz77705

sh vpn-sessiondb displays incorrect peer for dynamic to static l2l

CSCsz78701

dhcprelay issue after configuration changes in multi context mode

CSCsz80366

Citrix ICA on Macintosh over Smart Tunnel fails

CSCsz80777

WebVPN: Disabling CIFS file-browsing still allows shares to be viewed.

CSCsz83417

Clientless WebVPN memory leak in rewriter while compressing/decompressin

CSCsz85299

Syslogs are incorrectly logged at level 0 - emergencies

CSCsz87577

Duplicate shun exemption lines allowed in configuration

CSCsz92485

Traceback in ak47 debug command.

CSCsz92650

Clientless SSL VPN Script Errors when accessing DWA 8.5

CSCsz97334

Memory leak associated with WebVPN inflate sessions

CSCsz99458

MAC Smart Tunnel fails for certain Java web-applications

CSCta00078

webvpn: Issue w/ processing cookie with quoted value of expire attribute

CSCta01745

IGMP Join From Second Interface Fails to Be Processed

CSCta03382

SQLNET query via inspection cause communication errors

CSCta06294

ASA traceback in Thread Name: Unicorn Proxy Thread

CSCta06806

traceback: netfs_request+289 at netfs/netfs_api.c:89

CSCta10530

ASA - management sockets are not functional after failover via vpn

CSCta11837

WCCP crashed when all the CE interfaces were disconnected

CSCta12118

Exhaustion of 256 byte blocks and traceback in fover_serial_rx

CSCta13245

WEBVPN - CIFS needs to be able to ask IPV4 address from DNS

CSCta16720

vpn-framed-ip-address does not accept /32 netmask

CSCta18472

CPU Hog in IKE Daemon

CSCta18623

'Per-User-Override' Keyword Removed from an 'Access-Group' Line

CSCta18741

PIX/ASA: IOS ezvpn ipsec decompression fails with ASA as ezvpn server

CSCta21219

Clientless SSL: Citrix Web Interface XenApps 5.1 client detection fails

CSCta23935

Active/Active FO fails when using a shared interface with the same name

CSCta24704

Syslog id 302014 shows TCP Reset-O for RESET generated by ASA

CSCta25498

L2TP still has auth stuck [%ASA-4-403102 - authentication pending]

CSCta27247

Standby traceback in dispatch unit when write standby is executed

CSCta27739

Standby ASA leaking memory in webvpn environment

CSCta28493

Traceback in fover_parse on secondary FO unit

CSCta32954

Traceback in Thread Name: aaa

CSCta33419

ASA VPN dropping self-sourced ICMP packets (PMTUD)

CSCta36043

POST plugin uses Port 80 by default even when csco_proto=https

CSCta38452

ICMP unreachable dropped with unique Nat configuration

CSCta38552

Smart tunnel bookmark failed with firefox browser

CSCta39633

Strip-realm is not working with L2TP-IPSEC connection type

CSCta42035

"show conn detail" does not indicate actual timeout

CSCta42455

H323: Disable H323 inspect in one context affects H323 inspect in other

CSCta45238

Unable to Download Packet Captures from Admin Context for Other Contexts

CSCta47556

WebVPN: Plugin parameter "csco_sso=1" doesn't work in browser favorites

CSCta47685

WebVPN: Plugin parameter "csco_sso=1" doesn't work with "=" in password

CSCta47769

WebVPN: XML parser and tags with dot.

CSCta49088

"Lost connection to firewall" Message in ASDM with "&" in nameif

CSCta49362

WebVPN: wrong arg count in Flash rewriter

CSCta54837

IPSec over TCP tunnel dropped after launching CIPC

CSCta55102

WebVPN - PeopleSoft issue

CSCta55277

traceback seen with assertion "0" failed: file "block.c", line 2716

CSCta55567

Traceback when adding "crypto ca server user-db email-otp"

CSCta56375

ASA5580 8.1.2 without NAT RTSP inspection changes video server's IP

CSCta56895

ASA WEBVPN page rendering issue with forms and Modal dialog

CSCta57915

IKE phase 2 for secondary peer fails with connection-type originate-only

CSCta58656

SIP: Filtering by calling/called party should apply to ALL SIP messages

CSCta62631

H323 inspection fails when multiple TPKT messages in IP packet

CSCta78657

FTP transfers fail thru OSPF-enabled interfaces when failover occurs

CSCta86483

Group Alias no longer accepts spaces - Broadview

CSCta88732

WebVPN Traceback in Unicorn Proxy while rewriting Java applets

CSCta92056

Url filter: Need to disable TCP CP stack Nagles algorithm

CSCta94184

Cannot open DfltCustomization profile after downgrade from 8.2(1) to 8.0

CSCta99081

ASA traceback has affected failover operation

CSCtb01729

ASA traceback in Thread Name: tmatch compile thread

CSCtb03881

WebVPN Re-writer formats search results incorrectly in Firefox

CSCtb04058

ASA sends link state traps when doing a failover

CSCtb04171

TD reporting negative session count

CSCtb04188

TD may report attackers as targets and vice versa

CSCtb04935

ASA traceback in Thread Name: Checkheaps

CSCtb05806

assert in thread DATAPATH-1-467 on ASA5580

CSCtb06293

Upgrade to 8.2.1 causes boot loop

CSCtb07060

ASA bootloops with 24 or more VLANs in multimode

CSCtb16769

When CRL cache is empty revocation check falls back to "NONE"

CSCtb17123

Policy NAT ignored if source port used in access-list

CSCtb18378

WebVPN: RDP plug-ing SSO fails when username contains space

CSCtb25740

Trustpoint certificate will not be updated after re-enrollment

CSCtb27147

ASA traceback in Thread Name: snmp

CSCtb27753

Unable to use the search on a webpage through Webvpn

CSCtb31899

Memory leak in the WebVPN memory pools

CSCtb32114

WebVPN: rewriter adds port 80 to server without checking

CSCtb37395

traceback: <netfs_init_ctx+65 at netfs/netfs_api.c:399>

CSCtb38075

Phone Proxy Dropping RTP Packets After Prolonged Inactivity from Inside

CSCtb38344

ASA tracebacks in Thread Name: vPif_stats_cleaner

CSCtb39300

IPv6 VPN traffic fails when more than 1 sub interface is configured.

CSCtb42581

write standby 50 ctx config will cause traceback and config failure

CSCtb42847

"clear cry isakmp sa <ip>" doesnt work if there's no corresponding P2 SA

CSCtb42871

Traceback in Thread Name: PIX Garbage Collector

CSCtb45571

MAC OS VMWARE web applications VDI do not work with smart-tunnel

CSCtb48049

Reload with traceback in Thread Name: CP Midpath Processing

CSCtb49797

Unnecessary SNAP frame is sent when redundant intf switchover occurs

CSCtb50486

failover link restored while replication causes failover off

CSCtb52929

Show service-policy output needs to be present in show tech

CSCtb56128

CIFS 'file-browsing disable' blocks access to share if '/' at end of url

CSCtb62670

ASA source port is reused immediately after closing

CSCtb64480

Automatically added AAA command break ASA5505EasyVPN client

CSCtb64885

webvpn-cifs: Not able to browsing CIFS shared on server 2008

CSCtb64913

WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put

CSCtb65722

Javascript: Mouseover not working through WebVPN

CSCtb69216

LOCAL CA enrolled user is sent enrollment reminder after expiration

CSCtb83786

SSM-4GE sees multicast traffic when built-in interfaces do not

CSCtb86570

ASA:assert 0 file:"match_tunnelgrp_chain.c" when altering service policy

CSCtb95326

Traceback: cppoll

CSCtb98621

WEBVPN: ASP.NET file link with backslash is modified to a forward slash

CSCtb99389

Standby unit traceback when active reloads

CSCtc00487

Crash in Thread Name: Unicorn Proxy Thread With Forms Based Auth

CSCtc00929

ASA WebVPN CIFS tries to connect to type GROUP name

CSCtc01815

Mem leak in Radius_Coalesce_AVpairs

CSCtc01864

Memory leak in CRL_CheckCertRevocation

CSCtc02642

QOS policy-map with match tunnel-group is not applied after reload

CSCtc03451

TCP SIP Call Dropped When Resuming from Hold Due to Incorrect Timeout

CSCtc03654

npshim: memory leak denies SSL access to/from ASA

CSCtc05405

Port-Forwarding applet not operational with certain OS/Java versions

CSCtc13966

tmatch_compile_thread crash under low mem condition due to huge vpn acl

CSCtc17075

Memory leaks found when pushing msie-proxy info to Ipsec client.

CSCtc30413

Crash with SIP pinhole replication Thread Name: Dispatch Unit

CSCtc32826

ASA 8.0.4 Smarttunnel Relay.dll crashes browser if proxy is configured

CSCtc35404

0 size block depletion may cause failover mate not detected

CSCtc37653

Cable-based failover does not work

CSCtc41374

ASA: standby unit traceback during failover replication

CSCtc46138

Traceback on changing snmp-server port

CSCtc48310

ASA: Traceback during NTLM authentication

CSCtc69318

Active/Active - Failover status flaps when shared interface link is down


Related Documentation

For additional information on the adaptive security appliance, go to Navigating the Cisco ASA 5500 Series Documentation:

http://www.cisco.com/en/US/docs/security/asa/roadmap/asaroadmap.html

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

© 2009 Cisco Systems, Inc.

All rights reserved.