Bug |
Description |
|
|
ENH - Add device serial number and platform string to show run output
|
|
|
Allow user to exclude the status of the SSM or SSP from failover checks
|
|
|
'LU allocate xlate failed' syslog should include more data
|
|
|
Double auth not triggered if using secondary-aaa-server per interface
|
|
|
Cisco ASA Webtype ACL By-Pass Vulnerability
|
|
|
ACL renamed but syslog doesn't reflect new name
|
|
|
ENH - show traffic should include packet size distribution and flow info
|
|
|
block and chunk data needs to be included at beginning of crashinfo
|
|
|
show blocks exhaustion snapshot only takes single snapshot
|
|
|
Implement a syslog to indicate the version of the anyConnect client
|
|
|
ENH: ASA drops ICMP Error Reply for uni-directional SCTP Traffic
|
|
|
DHCP Relay needs to handle DHCPREQUEST differently
|
|
|
Easy VPN Remote not re-establishing nem-st-autoconnect setting changed
|
|
|
ASA SSLVPN/DTLS: Copy inner packet TOS field to outer header
|
|
|
A warning message is needed when a new encryption license is applied
|
|
|
Asa 5580-20: object-group-search access-control causes failover problem
|
|
|
ASA transparent mode should support 'inspect icmp error'
|
|
|
AC Script/customi:no 'linux-64' option(maybe it should be 'freeform'?)
|
|
|
ASA5500-x: "speed nonegotiate" command not available for fiber interface
|
|
|
Slow throughput of AnyConnect client w/DTLS compared to IPSec IKEv1
|
|
|
ASA: Huge NAT config causes traceback due to unbalanced p3 tree
|
|
|
DNS: Inspection drops non in-addr.arpa PTR queries
|
|
|
Need Syslog containing assigned IP address for AnyConnect IKEv2
|
|
|
ENH: Citrix Receiver proxy on ASA support for backend Storefront server
|
|
|
ICMP destination unreachable for L2TP PMTU error not sent to server
|
|
|
SVC_UDP Module is in flow control with a SINGLE DTLS tunnel
|
|
|
Dropped packets/Retries/Timeout on applying a huge ACL on existing acl
|
|
|
AC 3.1:ASA incorrectly handles alternate DTLS port,causes reconnect
|
|
|
ASA 9.1.2 DHCP - Wireless Apple devices are not getting an IP via DHCPD
|
|
|
ENH - SCP Support on the ASA
|
|
|
ASA 9.1: timer app id was corrupted causing to Dispatch Unit traceback
|
|
|
ACL Migration to 8.3+ Software Unnecessarily Expands Object Groups
|
|
|
ASA may reload with traceback in Thread Name: vpnfol_thread_msg
|
|
|
ASA traceback in Thread Name: fover_parse during command replication
|
|
|
ASA 9.1.2 - Traceback in Thread Name: fover_parse during configuration
|
|
|
%ASA-6-113005 should contain IP that initiated failed auth attempt
|
|
|
WebVPN portal page misses large title after portal redesign
|
|
|
ENH - ASA and AAA Operations
|
|
|
ASA OSPF route stuck in database and routing table
|
|
|
ASA: Page fault traceback with 'show dynamic-filter dns-snoop detail'
|
|
|
ASA SMR: Multicast traffic for some groups stops flowing after failover
|
|
|
ASA cifs share enumeration DOS vulnerability
|
|
|
IDFW: user-group is not deactivated even if IDFW ACL is removed
|
|
|
ASA: ARP Fails for Subinterface Allocated to Multiple Contexts on Gi0/6
|
|
|
ASA fails to set forward address in OSPF route redistrubution
|
|
|
ASA Memory usage in a context rises
|
|
|
CWS: ASA forwards HTTPS packets to CWS tower in wrong sequence
|
|
|
vpn load-balancing configuration exits sub-command menu unexpectedly
|
|
|
ASA may drop all traffic with Hierarchical priority queuing
|
|
|
ASA: Page fault traceback after running show asp table socket
|
|
|
ASA traceback in Thread Name: DATAPATH due to double block free
|
|
|
ASA 5505 SIP packets may have extra padding one egress of 5505
|
|
|
ENH: Need to optimize messages printed on upgrade from 8.2- to 8.3+
|
|
|
ASA Unicorn rewriter memory corruption
|
|
|
ASA traceback when uploading an image using FTP
|
|
|
2048 byte block depletion with Smart-Tunnel Application
|
|
|
ASA Transparent mode doesn't pass DHCP discover message
|
|
|
ASA should allow out-of-order traffic through normalizer for ScanSafe
|
|
|
ASA Tranparent A/A - Replicated MAC addresses not deleted after timeout
|
|
|
ASA failover cluster traceback when replicating the configuration
|
|
|
ASA with ICMP insp. drops replies with 'seq num not matched' code
|
|
|
Case sensitivity check missing for Web Type ACL and Access-group
|
|
|
IPSEC VPN - One crypto ACE mismatch terminates all Phase2 with that peer
|
|
|
ASA Page Fault Traceback in 'vpnfol_thread_msg' Thread
|
|
|
ASA fails to perform KCD SSO when web server listens on non-default port
|
|
|
Acct-stop for VPN session doesn't send out when failover occurred
|
|
|
ASA IGMP receiver-specific filter blocks all multicast receivers
|
|
|
ASA sends RST to both ends when CX policy denies based on destination IP
|
|
|
WEBVPN IE 11: CIFS bookmarks showing with unicode
|
|
|
EIGRP: Auth key with space replicates to Secondary with no space
|
|
|
ASA:Webvpn character encoding instructions unclear
|
|
|
Capture Isakmp w/ match statement cause Standby to reload at replication
|
|
|
ASA: ACL CLI not converting 0.0.0.0 0.0.0.0 to any4
|
|
|
WEBVPN multiple issues with LMS application
|
|
|
ASA: Phy setting change on member interfaces not seen on port-channel
|
|
|
BPDUs on egress from ASA-SM dropped on backplane
|
|
|
Redundant IFC not Switching Back
|
|
|
ASA TCP Proxy can corrupt data, cause ACK storms and session hangs
|
|
|
ASA tears down SIP signaling conn w/ reason Connection timeout
|
|
|
ASA translates the source address of OSPF hello packets
|
|
|
'Route-Lookup' Behavior Assumed for Twice NAT with Identity Destination
|
|
|
ASA - DHCP Discover Sent out during boot process
|
|
|
ASA reloads on Thread name: idfw_proc
|
|
|
ASA drops DHCP Offer packet in ASP when nat configured with "Any"
|
|
|
ASA reloads due to SSL processing
|
|
|
secondary standby looses his cluster license after upgrade to 8.4.(7.3)
|
|
|
webvpn issue,part of the http request not sent by the client to ASA
|
|
|
ASA not allowing AC IKEv2 Suite-B with default Premium Peer license
|
|
|
SSH: ASA 9.1.3 rare traceback observed during ping command
|
|
|
ASA traceback with Thread Name: IKE Common thread
|
|
|
IKEv1 - Send INVALID_ID_INFO when received P2 ID's not in crypto map
|
|
|
Webvpn: Add permissions attribute to portforwarder jar file
|
|
|
Webvpn: Add permissions attribute to mac smart-tunnel jar
|
|
|
ASA: Auth failures for SNMPv3 polling after unit rejoins cluster
|
|
|
WebVPN: ASA webVPN fails to rewrite dynamic content of pubmed website
|
|
|
ASA:Traceback in Thread Name: DATAPATH-23-2334
|
|
|
Traceback in IKEv2 Daemon with AnyConnect Failure
|
|
|
uauth session considered inactive when inspect icmp is enabled
|
|
|
idle time field is missing in show uauth output
|
|
|
WebVPN configs not synchronized when configured in certain order-v3
|
|
|
Problem configuring QOS priority with user-statistic on same policy-map
|
|
|
IKEv2 leaks embryonic SAs during child SA negotiation with PFS mismatch
|
|
|
Smart-tunnel for windows-Liveconnect exception-JRE 1.7u51
|
|
|
ASA traceback on NAT assert on file nat_conf.c
|
|
|
ASA should not allow interface MTU config greater than 9202/9198
|
|
|
ASA 5500-X: Chassis Serial Number missing in entity MIB
|
|
|
Webvpn: connecting to oracle network SSO returns error
|
|
|
Webvpn: web applications that may refresh a page with "#" fail
|
|
|
HTTP redirect to the VPNLB address using HTTPS fails in 9.1.4/9.0.4.x
|
|
|
Datapath:Observing Deadlock in different DATAPATH threads
|
|
|
Traffic does not hit Twice NAT configured after Static PAT
|
|
|
ASA5585-SSP60 Teardown process is delayed under heavy traffic condition
|
|
|
Traceback on standby ASASM when executing the failover active command
|
|
|
ASA Backup scansafe tower is never polled
|
|
|
ASA: Watchdog traceback in Unicorn Admin Handler with TopN host stats
|
|
|
ASA traceback in Unicorn Admin Handler
|
|
|
ASA: Traceback in pix_flash_config_thread when upgrading with names
|
|
|
ASA - VPN session leak for IKEv2 if L2L sessions land on RA tunnel group
|
|
|
Traceback in Thread: IPsec message handler with rip-tlog_event_allocate
|
|
|
ASA Cluster: Unable to stop captures on CCL in a context
|
|
|
SunRPC GETPORT Reply dropped when two active sessions use same xid
|
|
|
show cluster info goid output needs formatting
|
|
|
Aborted AnyConnect Authentications can cause resource leak
|
|
|
Sourcefire Defense Center not able to be rendered via Clientless SSL VPN
|
|
|
ASA 9.1.3 SNMP Traceback in Thread Name: SNMP
|
|
|
Traceback in Thread Name: ci/console
|
|
|
IKEv2 routes not installed if Dynamic and Static Crypto Map Match
|
|
|
ASA cluster - RSA key size 4096 bits is not replicated cluster members
|
|
|
Assigned IP in show vpn-sessiondb anyconnect is missing.
|
|
|
Windows ICMP based Tarceroute through ASA faling
|
|
|
ASA WebVPN memory leak - blank portal page
|
|
|
capture option to be provided to collect pcap frm node other than master
|
|
|
Ping doesn't work between peer IPs when answer-only is configured
|
|
|
Java rewriting takes too much time
|
|
|
ASA: Traceback in aware_http_server_thread after upgrade
|
|
|
ASA Traceback in DATAPATH-1-1400 with error message shrlock_join_domain
|
|
|
ASA-IC-6GE-SFP-C SFP port doesn't come up
|
|
|
ASA traceback in Thread Name: IKE Daemon: with CX redirect in place.
|
|
|
DAP creates dynamic ACLs even if single ACL selected.
|
|
|
Regex modification within context causes ASA traceback
|
|
|
ASA WebVPN login page XSS vulnerability
|
|
|
ASA 9.1.x should accept RIP V1 updates
|
|
|
ASA traceback when retrieving idfw topn user from slave
|
|
|
XenDeskTop7:cannot relogin to StoreFront ineterface after logoff
|
|
|
Anyconnect: Split-Tunnel dose not work with subnet 0.0.0.0/1
|
|
|
AnyConnect Password Management Fails with SMS Passcode
|
|
|
When long line is entered on cli, all chars > 510 silentl y discarded
|
|
|
ASA using IKEv2 rejects multiple NAT_DETECTION_SOURCE_IP payloads
|
|
|
ASA Cluster ICMP with PAT not functional on reload
|
|
|
ASA 5585 cluster indicating SSM card down but no SSM module
|
|
|
Data path: ASA traceback in CTM message handler
|
|
|
ASA IPSec - DNS reply for RA client dropped when LZS compression enabled
|
|
|
L2TP/IPSec connection is failed when there is PAT router.
|
|
|
Hash calculated for multiple ACEs on ASA are same
|
|
|
ASA: Traceback in thread Name: DATAPATH-1-2581
|
|
|
ASA Tears Down Connections With Reason of 'snp_drop_none'
|
|
|
Unable to access webvpn portal when CSD and IE content advisor enabled.
|
|
|
ASA cut a part of credential data during cut-thru proxy authentication
|
|
|
Cisco ASA DHCPv6 Denial of Service Vulnerability
|
|
|
ASA changes to improve CX throughput and prevent unnecessary failovers
|
|
|
ASDM interface graph showing bogus values in S/W and H/W output queue
|
|
|
ASA-SM not sending SNMP traps with 9.0.4
|
|
|
terminal width command is deleted when removing other context
|
|
|
5585-20 8.4.7.11 traceback in Thread Name Datapath w/ DCERPC inspection
|
|
|
IDM/IME/File Transfer Slow For Certain Source and Destination IP Pairs
|
|
|
Posture assement failing after HS upgrade to 3.1.05152
|
|
|
OSPFv3 route stuck in routing table after failover
|
|
|
MEMLEAK: 128 byte leaks when requesting IPv6 address for AnyConnect
|
|
|
Name for IPv6 address causes objects to became empty after reload
|
|
|
Cisco ASA Information Disclosure Vulnerability
|
|
|
Packet-tracer showing incorrect result for certain NAT configurations
|
|
|
Nameif command not allowed on TFW multimode ASA with clustering
|
|
|
'ASA modifies Request Host Part under 'ACK' packet for SIP connection'
|
|
|
ASA 5505 u-turned/hairpinned conn counts toward license local-host limit
|
|
|
High CPU with IKE daemon Process
|
|
|
ASA drops packet due to nat-no-xlate-to-pat-pool after removing NAT rule
|
|
|
ASA 8.4.6: Traceback with fover_FSM_thread
|
|
|
Saleen copper module port speed/duplex changes ineffective
|
|
|
To the box traffic dropped due to vpn load-balancing (mis)configuration
|
|
|
SNMP: cpmCPUTotal5sec/1min/5min return "0"
|
|
|
VPN client firewall and split-tunneling mishandle "inactive" acl rules
|
|
|
Clientless scrollbar on right hand side of the screen doesn't render
|
|
|
ASA 9.1 DMA Memory exhaustion in 240 binsize
|
|
|
ASA 9.0.4.1 traceback in webvpn datapath
|
|
|
ASA WebVPN Memory leak leading to Blank Portal Page/AnyConnect failure
|
|
|
VPN-filter ACL drops all traffic after upgrade for pre 8.3 to 9.x
|
|
|
IPsec transform sets mode changes from transport to tunnel after editing
|
|
|
CSCub92315 fix is incomplete
|
|
|
Interop: relax PrintableString encoding enforcement in PKI
|
|
|
ASA - Cut Through Proxy sends empty redirect w/ Virtual HTTP and Telnet
|
|
|
ASA SIP Inspect:'From: header' in the INVITE not NATed for outbound flow
|
|
|
ASA: Traceback in Thread Name: Dispatch Unit when enable debug ppp int
|
|
|
ASA SSLVPN OWA 2007: Unable to attach files >= 1 MB with KCD enabled
|
|
|
Traceback on DATAPATH-7-1524 Generating Botnet Filter Syslog
|
|
|
ASA WebVPN Rewriter: CSCOGet_location Improperly Pulls Full Web Address
|
|
|
Traceback with thread DATAPATH-2-1181
|
|
|
ASA traceback (Page fault) during xlate replication in a failover setup
|
|
|
ASA does not relay BOOTP packets
|
|
|
Multicast - ASA doesn't populate mroutes after failover
|
|
|
ASA: HTTP searchPendingOrders.do function failing over WebVPN
|
|
|
WebVPN capture causes conflict with other capture types
|
|
|
ASA IKEv2 "Duplicate entry in tunnel manager" (post 9.1.5)
|
|
|
ASA: Webvpn using incorrect password for auto-signon with Radius/OTP
|
|
|
ASA doesn't send invalid SPI notify for non-existent NAT-T IPSec SA
|
|
|
ASA 9.1.(3)4 Memory Leak in KCD
|
|
|
ASA Rewriter does not support encoded values for characters like " ' "
|
|
|
WebVPN: Javascript rewrite issue with Secret Server Application
|
|
|
ASA 9.x Management Port-Channel Cannot configure management-only in TFW
|
|
|
Firewall may crash while clearing the configuration
|
|
|
Traceback when using IDFW ACL's with VPN VPN Filters
|
|
|
5585-20 9.2.1 Traceback in Thread Name: DATAPATH-1-1567
|
|
|
CIFS drag & drop not working with remote file explorer over webvpn
|
|
|
ASA NAT: Some NAT removed after upgrade from 8.6.1.5 to 9.x
|
|
|
Giaddr to be set to the address of interface facing the client.
|
|
|
ASA allows to empty an access-list referenced elsewhere
|
|
|
ASA - crash in SSL Client compression in low memory conditions
|
|
|
Standby ASA traceback on Fover_Parse with Botnet Filter
|
|
|
show vpn load-balancing shows Public addr as Cluster IP addr for Master
|
|
|
Inconsistencies seen while sending warmstart trap on reload
|
|
|
Failover Standby unit has higher memory utilization
|
|
|
|
|
|
Snmp-server hosts entries are lost when upgrading from 9.1(4) to 9.1(5)
|
|
|
ASA WebVPN: Script error when using port-forwarding
|
|
|
9.0(4)5 - Unable to access internal site via clientless SSLVPN
|
|
|
ASA SSLVPN Java plugins fail through proxy with Connection Exception
|
|
|
L2TP/IPsec fragmentation change causing ICMP-PMTU being sent
|
|
|
show webvpn kcd Error code 2 (ERROR_FILE_NOT_FOUND)
|
|
|
ASA: Webvpn Clientless - certificate authentication fails intermittently
|
|
|
ASA - Traceback in thread name: sch_prompt anonymous reporting
|
|
|
ASA traceback in Thread Name : Checkheaps when snmp config is cleared
|
|
|
IKEv2 DPD is sent at an interval not correlating to the specified value
|
|
|
Jumbo frame calculations are incorrect or hard coded
|
|
|
TCP intercept does not work after embryonic connection ends
|
|
|
ASA Panic: CP Processing - ERROR: shrlock_join_domain
|
|
|
ASA EIGRP does not reset hold time after receiving update
|
|
|
ASA doesn't apply vpn-filter if group policy is assigned by Cisco VSA 25
|
|
|
WebVPN Problem- icons missing, buttons not working
|
|
|
SNMP: Unable to verify presence of second power supply in ASA 5545
|
|
|
|
|
|
ASA: Page fault traceback in DATAPATH when DNS inspection is enabled
|
|
|
ASA - Wrong object-group migration during upgrade from 8.2
|
|
|
ASA - Permitting/blocking traffic based on wrong IPs in ACL
|
|
|
ASA traceback in thread name idfw_adagent
|
|
|
ASA Overwrite any file on WebVPN RAMFS
|
|
|
ASA with ACL optimization crashing in "fover_parse" thread
|
: There are no special requirements for Zero Downtime Upgrades for failover and ASA clustering with the following exceptions:
Feedback