Cisco ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 9.1.1(4) – 03/14/2013
Files: asa911-4-smp-k8.bin
Defects resolved since 9.1.1:
Elements in the network object group are not converted to network object
Failover disabled due to license incompatible different Licensed cores
Traceback @snp_ifc_purg_cb w/ clear conf all or write standby
Some legitimate traffic may get denied with ACL optimization
dynamic policy PAT fails with FTP data due to latter static NAT entry
RRI routes are not injected after reload if IP SLA is configured.
ASA: Builds conn for packets not destined to ASA's MAC in port-channel
Natted traffic not getting encrypted after reconfiguring the crypto ACL
ASA: Packet loss during phase 2 rekey
ASA sends user passwords in AV as part of config command authorization.
ASA 5585 with IPS inline -VPN tunnel dropping fragmented packets
ASA 5585- 10 gig interfaces may not come up after asa reload
misreported high CPU
ASA may traceback when multiple users make simultaneous change to ACL
SMP ASA traceback on periodic_handler for inspecting icmp or dns traffic
Port-Channel Flaps at low traffic rate with single flow traffic
5500X Software IPS console too busy for irq can cause data plane down.
Local command auth not working for certain commands on priv 1
ASA nat-pat: 8.4.4 assert traceback related to xlate timeout
8.4.3 system log messages should appear in Admin context only
Interface oversubscription on active causes standby to disable failover
Traceback in CP Processing when enabling H323 Debug
ASA: Watchdog traceback from tmatch_element_release_actual
ASA: Page fault traceback when copying new image to flash
ASA: Traceback in Dispatch Unit with HTTP inspect regex
ASA 210005 and 210007 LU allocate xlate/conn failed with simple 1-1 NAT
ASA5550 continuous reboot with tls-proxy maximum session 4500
FIFO queue oversubscription drops packets to free RX Rings
Standby ASA traceback while replicating flow from Active
ASA traceback due to nested protocol object-group used in ACL
Standby ASA allows L2 broadcast packets with asr-group command
ASA: Page fault traceback in Unicorn Proxy Thread with WebVPN
ASA: Assert traceback in PIX Garbage Collector with GTP inspection
ASA unexpectedly reloads with traceback in Thread Name: CP Processing
ASA TFW sends broadcast arp traffic to all interfaces in the context
ASA traceback in threadname Logger
ASA standby produces traceback and reloads in IPsec message handler
High CPU HOG when connect/disconnect VPN with large ACL
WebVPN - mishandling of request from Java applet
Accounting STOP with caller ID 0.0.0.0 if admin session exits abnormally
Nas-Port attribute different for authentication/accounting Anyconnect
ASA: Webvpn cookie corruption with external cookie storage
OSPF routes were missing on the Standby Firewall after the failover
ASA - VPN connection remains up when DHCP rebind fails
TCP ts_val for an ACK packet sent by ASA for OOO packets is incorrect
ASA: May traceback in Thread Name: fover_health_monitoring_thread
ASA 8.4.4.6 and higher: no OSPF adj can be build with Portchannel port
ACL not getting migrated correctly (FWSM to ASA-SM with migration tool)
Multi-Mode traceback on ci/console copying config tftp to running-config
ASA may traceback while fetching personalized user information
ASA traceback: ASA reloaded when call home feature enabled
ASA never removes qos-per-class ASP rules when VPN disconnects
ASA webvpn - URLs are not rewritten through webvpn in 8.4(4)5
Error when connecting VPN: DTLS1_GET_RECORD Reason: wrong version number
Destination NAT with non single service (range, gt, lt) not working
Traceback in threadname CP Processing
Traceback in snpi_divert with timeout floating-conn configured
distribute-list does not show in the router config.
HTTP inspection matches incorrect line when using header host regex
Crypto IPSec SA's are created by dynamic crypto map for static peers
Log indicating syslog connectivity not created when server goes up/down
Cat6000/15.1(1)SY- ASASM/8.5(1.14) PwrDwn due to SW Version Mismatch
5580 - Thread Name: CP Midpath Processing eip pkp_free_ssl_ctm
traceback in fover_health_monitoring_thread
XSS in SSLVPN
ASA Logging command submits invalid characters as port zero
Race condition can result in stuck VPN context following a rekey
access-group commands removed on upgrade to 9.0(1)
ASA writes past end of file system then can't boot
traffic is resetting uauth timer
ASA may traceback in thread emweb/https
ASA-Traceback in Dispatch unit due to dcerpc inspection
ASA TACACS authentication on Standby working incorrectly
ASASM forwards subnet directed bcast back onto that subnet
Deny rules in crypto acl blocks inbound traffic after tunnel formed
Deny ACL lines in crypto-map add RRI routes
SMP ASA traceback in periodic_handler in proxyi_rx
Traffic destined for L2L tunnels can prevent valid L2L from establishing
ASA nested traceback with url-filtering policy during failover
DAP: debug dap trace not fully shown after +1000 lines
data-path: ASA-SM: 8.5.1 traceback in Thread Name: SSH
ASA in HA lose shared license post upgrade to 9.x
Anyconnect mtu config at ASA not taking effect at client
LU allocate xlate failed (for NAT with service port)
Smart Call Home sends Environmental message every 5 seconds for 5500-X