Cisco
ASA Interim Release Notes
The software
images listed below are Interim releases.
They contain bug fixes which address specific issues found since the
last Feature or Maintenance release. The
images are fully supported by Cisco TAC and will remain on the download site
only until the next Maintenance release is available. If you do not have a
specific problem which is resolved by an Interim release, we recommend that you
use the Feature or Maintenance release images.
Important: These images were not fully regression
tested. Each individual fix was unit
tested, and the image has had a limited amount of automated regression testing
to confirm a baseline of functionality.
Keep this testing status in mind if you decide to run them in a
production environment. We strongly
encourage you to upgrade to a fully tested Maintenance or Feature release when
it becomes available.
Revision: Version 9.8(1)7 – 08/01/2017
Files: asa981-7-smp-k8.bin
Defects resolved since 9.8(1)5:
|
FTP data conn scaling fails with dynamic PAT |
|
|
ASA dropping packets with "novalid adjacency" though
valid ARP entry avail |
|
|
OSPF Rogue LSA with maximum sequence number vulnerability |
|
|
Default inspect statements are missing on ASA 5500-x and 2100
device running Threat Defense |
|
|
ASA 5506-X Firepower Threat Defense Reset Button |
|
|
EZVPN NEM client can't reconnect after "no vpnclient
enable" is entered |
|
|
ASA: IKEv2 ipsec-proposal command removed if more than 9
proposals configured in single command |
|
|
ASA TCP SIP inspection translation not working when IP phone is
behind VPN tunnel |
|
|
Traceback in thread name DATAPATH |
|
|
ASA: slow memory leak when using many DNS queries |
|
|
ASA local dns resolution fails when dns server is reachable
through a site to site ipsec tunnel |
|
|
FTD-VPN: VPN RRI not getting synced between Master and Slave
units |
|
|
ASA traceback observed in Datapath due to SIP inspection |
|
|
ASA Traceback in Unicorn Proxy Thread |
|
|
ASA traceback when customer was authenticating to AnyConnect |
|
|
Show Crypto Acclerator shows status as booting for hardware devices |
|
|
ASA: Active FTP not working with extended keyword in NAT. |
|
|
Standby ASA not learning routes via RIP |
|
|
ASA: Multicast packets getting dropped starting code 9.6.3 |
|
|
ASA traceback observed in datapath |
|
|
ASA SNI connection fails after upgrade - no shared cipher |
|
|
ICMP Unreachables (PMTU) dropped indicating "Routing failed
to locate next hop" |
|
|
Smart Licensing ID cert renewal failure should not deregister
product instance |
|
|
Calls not working with CUCI Lync version 11.6.3 on ASA |
|
|
ASA - Traceback in DATAPATH during PAT pool socket allocation |
|
|
ASA does not install routes learned via OSPF over IPSec using
UDP/4500 |
|
|
ASA: IPv6 protocol X rule for passing through FW is dropping packets
with Invalid IP length message |
|
|
AnyConnect new customization creation fails on ASDM for all ASA
versions above 9.5(3) |
|
|
FTD Diagnostic Interface does Proxy ARP for br1 management
subnet |
|
|
OSPF Rogue LSA with maximum sequence number vulnerability |
|
|
ASA Memory Leak - RSA toolkit |
|
|
vpn vlan mapping issue |
|
|
ASA- Traceback in 'Thread Name :
Datapath' on crypto_SSL functions |
|
|
ASA 9.5.1 onwards, Traffic incorrectly routed instead of
management interface |
|
|
ASA Log message 414003 may be generated with bogus IP data when
TCP Syslog Server down |
|
|
ASASM: Interface vlans going to admin down after reload. |
|
|
FTD - Multicast and BPDU traffic dropped due to
dst-l2_lookup-fail |
|
|
Memory leak at location "snp_fp_encrypt" when syslog
server is reachable over the VPN tunnel |
|
|
IPsec SA fail to come up and flap with more than 1000 IPsec SA
count in ASA5506/5508/5516 |
|
|
ASA traceback on websns_rcv_tcp |
|
|
CDA agent stucks in 'Probing' when domain-lookup is enable |
|
|
ASAv: Upgrade issues to the 9.7.1.4 and 9.8.1 when installed on
Hyper-V Windows Server 2012-R2 |
Revision: Version 9.8(1)5 – 06/26/2017
Files: asa981-5-smp-k8.bin
Defects resolved since 9.8(1):
|
ASA 'show memory' output may not properly report total available
memory in 9.5(2) and later |
|
|
Evaluation of pix-asa for OpenSSL May 2016 |
|
|
ASA dropping packets with novalid adjacency though valid ARP
entry avail |
|
|
9.7.1 traceback in snp_fp_qos |
|
|
Unable to run show counters protocol ip |
|
|
Default inspect statements are missing on ASA 5500-x and 2100
device running Threat Defense |
|
|
Traceback on thread name IKE Daemon at mqc_enable_qos_for_tunnel |
|
|
Logs lost when TCP is used as transport protocol for Syslogs |
|
|
CEP records edit page take minutes to load |
|
|
Traffic drops for reverse UDP/TCP IPv6 traffic over IPv4 tunnel |
|
|
ASA 1550 block gradual depletion |
|
|
gzip compression not working via Webvpn |
|
|
ASA does not respond to IPv6 MLD Query. |
|
|
ASA traceback in DATAPATH-41-16976 thread |
|
|
Port Forwarding Session times out due to vpn-idle-timeout in
group-policy while passing data |
|
|
ASA erroneously triggers syslog ID 201011 |
|
|
Mgmt route deletion removes data plane route too. |
|
|
Assertion in syslog.c due to uauth |
|
|
Access-lists not being matched for a newly created object-group |
|
|
timeout conn-holddown shows incorrect syntax help |
|
|
ASA with 9.5.1 and above does not show SXP socket when
managment0/0 is used as src-ip |
|
|
ASA traceback in Thread name: idfw_proc on running show
access-list, while displaying remark |
|
|
ASA in cluster results in incorrect user group mappings between
the Master and Slave |
|
|
%ASA-3-216001: internal error in ci_cons_shell: thread data
misuse |
|
|
ASA traceback in ARP thread, PBR configured |
|
|
Web folder filebrowser applet code signing certificate expired |
|
|
ASA backup in multicontext fails due to [Running Configurations]
ERROR |
|
|
ASA All contexts use the same EIGRP router-ID upon a reload |
|
|
EIGRP routes wrongly being advertising on mgmt routing table vrf
after disabling and enabling EIGRP |
|
|
Error deploying ASAv on ESXi vCenter 6.5 |
|
|
ASA - Interface status change causes VPN traffic disconnect
while using ipsec inner-routing-lookup |
|
|
ASA policy-map configuration is not replicated to cluster slave |
|
|
FTD OSPF with ECMP, packets are sent to peer in down state for
existing connections |
|
|
Increase memory allocated to rest-agent on ASAv5 |
|
|
ASA traceback when trying to remove configured capture |
|
|
ASA traceback in Thread Name: fover_parse performing upgrade
from 9.1.5 to 9.4.3 |
|
|
Unable to switch standby unit of the failover pair to active |
|
|
Allow ASAv5 to operate using > 1GB memory |
|
|
ASAv5: Reduce DMA packet memory to 64MB |
|
|
WebVPN forces IE to use IE8 mode |
|
|
FTD: block depletion with continuous SSL traffic and decrypt
resign enabled. |
|
|
FTD traceback observed during failover synchronization. |
|
|
The interactive icons on internal bookmark site not showing
properly (+CSCO+0undefined) |
|
|
ASA may drop DNS reply containing only additional RR of type TXT |
|
|
SFR Backplane is pulling the public address for policy match instead
of ASA inside address |
|
|
Proxy ARP information for SSH NLP NAT is not updating on the FTD
upon failover |
|
|
ASA with FirePOWER services module generates traceback and
reload |
|
|
Slave should have use CCL to forward traffic instead of
blackholing when egress interface is down |
|
|
ASAv Azure: Allow 750 VPN sessions on ASAv30 |
|
|
ASA reloaded while joining cluster and active as slave |
|
|
CRL verification fails due to incorrect KU after CSCvd41423 |
|
|
Dist-S2S: tunnels stay up even after passing vpn idle timeout in
Multimode |
|
|
In multi-context ASA drops traffic sourced from certain ports
when interface PAT is used |
|
|
ASA clustering to support rollback feature with CSM |
|
|
Upgrading the ASA results in No Valid adjacency due to track
configure on the route |
|
|
ASA: Multicast packets getting dropped starting code 9.6.3 |
|
|
Username is not fetched from certificate when certificate map is
used in clientless portal |
|
|
FP4100 SSP 9.6.2 / cluster - Tx queue stuck causing traffic drop
to occur |
|
|
activate-tunnel-group-scripts not available in 9.6.3.1 |
|
|
hostscan data-limit service-internal command must be exposed and
documented |
|
|
Auto-RP packet is dropped due to no-route - No route to host |
|
|
ASA may traceback on displaying access-list config or saving
running config |
|
|
Traceback in Thread Name: IP RIB Update when routes are
redistributed |
|
|
ASA corrupt dst mac address of return traffic from l2tp client |
|
|
network_udpmod_get not releasing shr_lock in rare error case |
|
|
ASA interfaces may stop passing traffic after ASA reload with
FIPS mode enabled |
|
|
NSF IETF/CISCO commands getting removed on reload |
|
|
Slave reports Master's interface status as init while it is up |