Cisco
ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 8.1.2(56) – 10/10/2012
File: asa812-56-smp-k8.bin
Defects resolved since 8.1.2(55):
Standby Unit not getting
session replicated, rerr TCP and UDP increasing |
|
DHCP Memory Allocation
Denial of Service Vulnerability |
|
skinny-inspect intermittently uses odd port for RTP stream |
Revision: Version 8.1.2(55) – 03/01/2012
File: asa812-55-smp-k8.bin
Defects resolved since 8.1.2(50):
Protocol-Independent
Multicast Denial of Service Vulnerability |
|
Slow memory leak by skinny |
|
ASA 8.0(4)32
memory leak related to aaa process |
|
wrong vpn-filter gets applied when peers
have overlapping address space |
|
Incorrect MPF conn counts cause %ASA-3-201011 and DoS
condition for user |
|
ActiveX RDP Plugin fails to connect from WIn7 PC after upgrade to
8.4(3) |
|
|
|
Revision: Version 8.1.2(50) – 10/06/2011
File: asa812-50-smp-k8.bin
Defects resolved since 8.1.2(49):
Multi-context ASA Resets a connection from Flooded packet |
||
SNMP: ASA responds after two SNMP requests |
||
OpenSSL Ciphersuite Downgrade and J-PAKE Issues |
||
ASA may log negative values for Per-client conn limit exceeded messg |
||
ASA MSN inspection causes Watchdog |
||
ESMTP Inspection Incorrectly Detects End of Data |
||
EIGRP default-route is not displayed w/ "ip default-route" route removed |
||
Crafted TACACS+ reply considered as successful auth by ASA |
||
Traceback with phone-proxy Thread Name: Dispatch Unit |
||
ASA: Traceback in ci/console on Standby unit |
||
ILS inspection traceback on malformed ILS traffic |
||
ASA 8.4.2 http inspection might break certain flows intermittently |
||
|
|
|
Revision: Version 8.1.2(49) – 03/12/2011
File: asa812-49-smp-k8.bin
Defects resolved since 8.1.2(43):
Configure fail state link without IP addr causes LAND attack syslogs |
|
SIP builds many secondary conns with register msg but no
registrar |
|
telnet
connections to the box hang after telnet timeout expires |
|
Removed ACL permits inbound packets |
|
child
flows created via established cmd torn down when
parent is removed |
|
PP: Incorrect Entry Installed in ASP
Table for proxy-server command |
|
TFW ENH: Management interface should
operate in routed mode |
|
ASA 8.2.1.4 traceback
when webvpn capture is configured |
|
MU sunrpc
test for dump.call with truncated body cause traceback on |
|
Failover replicated conns
failed if failover lan/stateful link down |
|
1-hour threat-detection enabled by
"clear threat-detection rate" |
|
TCP proxy in SIP inspection causing
1550 block deplete temporarily |
|
threshold
checking for average rate not working in threat-detection |
|
WebVPN
Application Access page not displayed if AES chosen |
|
NAT with ACL statements causing long
time to reboot. |
|
ASA: Unable to pass traffic through an Airlink router w DTLS enabled |
|
ASA 8.04 - certificate chain not being
sent during rekey w/ IPSEC RA |
|
SSH process may exist after being
orphaned from SSH session |
|
ASA: TFW sh
fail output shows Normal(waiting) when Sec unit is act |
|
Actions attached to class class-default
don't apply to traffic |
|
After failover, skinny message are
decoded as SCCPv0 instead of SCCPv17 |
|
SSH to the ASA may fail - ASA may send
Reset |
|
Slow memory leak in WebVPN
related to CIFS cache |
|
Cmd
authorization fails for certain commands on fallback to LOCAL db |
|
Thread Name: netfs_thread_init |
|
ASA 8.0.5+ webvpn
FTP bookmarks no longer will pass embedded user/pass |
|
SNAP frames are sent from Management
interface in Transparent mode ASA |
|
Memory Leak In CIFS can casue memory depletion |
|
ASA Fails to assign available addresses
from local pool |
|
Copy to disk0 without ":", prefills dest as disk0, cant
delete/view file |
|
Memory leak happens due to huge number
of LDAP authentication failure |
|
ASA 8.0.5 1550 block depletion with
ASDM open |
|
Option to change Pane Title missing
from customization editor |
|
ldap-dn
password is in the clear within running config |
|
ASA/w 4-GE-SSM shows module status
unresponsive after power surge |
|
DHCP learned route may not be removed
at end of lease time |
|
quiting
"show controller" command with 'q' key triggers failover |
|
OpenSSL
Record of death |
|
Removing HTTP server caused page fault traceback |
|
ASA traceback
when phone proxy debugging is enabled. |
|
Flows torndown
over VPN tunnel log 302014 with Flow closed by inspection |
|
RSA Crossrealm
Authentication fails to authenticate for vpn
users |
|
ASA tracebacks
in Thread Name: IPsec message handler |
|
ASA: AAA Session limit [2048] reached when xauth
is disabled for vpn |
|
Traceback:
CP Processing |
|
ASA traceback
in Thread Name: Dispatch Unit |
|
RIP denial of service vulnerability |
|
Clientless WebVPN:
DWA 8.0.2 fails to forward attachments |
|
Webvpn
with Citrix - Xenapp upgrade from 11.2 to 12.0
breaks app access |
|
PP: signaling sessions are not removed
after phone disconnects |
|
show
run all command causes SSH session hang |
|
Traceback
typing "import webvpn webcontent
/+CSCOU+/logon.inc stdin" |
|
Thread Name: lu_rx
Page fault: Address not mapped |
|
Inspection triggers block depletion
resulting in traffic failure |
|
ASA WebVPN : Forms don't get
saved in CRM due to no pop-up |
|
Traceback
in Unicorn Proxy Thread, address not mapped |
|
ASA HTTP
response splitting on /+CSCOE+/logon.html |
|
Memory not released after EZVPN client
with cert fails authentication |
|
SMTP DATA packet ending with
<CRLF>. wrongly considered as end of DATA |
|
ASA 8.3.1: Traceback
with snp_fp_punt_block_free_cleanup |
|
per-client-max
and conn-max does not count half-closed connections |
|
Traceback
in Thread Name: lu_rx - gtp_lu_process_pdpmcb_info |
|
Transparent fw
w/ASR group sets dstMAC to other ctx for last ACK for 3WH |
|
"failover
exec standby" TACACS+ authorization failure |
|
Flood of random IPv6 router advertisements
causes high CPU and DoS |
|
Traceback
Thread Name: IKE Daemon Assert |
|
ASA SIP inspection does not rewrite
with interface pat |
|
Management connection
fail after multiple tries with SNMP connections. |
|
TFW mode regens
cert every time 'no ip address' applied to mgmt int |
|
ASA 8.2.3 may not accept management
connections after failover |
|
rtcli:
traceback in rtcli async executor process, eip ci_set_mo |
|
Orphaned SSH sessions and High CPU |
|
Traceback
in IKE Timekeeper |
|
ASA traceback
when using a file management on ASDM |
|
ASR trans FW rewrites wrong dst. MAC when FO peers active on same ASA |
|
Cut-through proxy sends wrong
accounting stop packets |
|
Standby unit sends ARP request with Active
MAC during config sync |
|
Group enumeration possible on ASA |
|
H225 keepaplive
ACK is dropped |
|
Possible to browse flash memory when CA
is enabled |
|
SSH processes stuck in ssh_init state |
|
ASA reload in thread name rtcli when removing a plugin |
Revision: Version 8.1.2(43) – 03/30/2010
File: asa812-43-smp-k8.bin
Defects resolved since 8.1.2(23):
L2TP & NAC -> Default NAC policy prevents data from passing |
|
Syslog over TCP: Should try to reconnect periodically to the server |
|
SIP CRLF keepalives stall TCP-based SIP connections |
|
FT: workaround for read-only flashes |
|
DAP: Increase DAP aggregation max lists lengths and make them dynamic |
|
PIX/ASA PMTUD: ICMP type 3 code 4 uses wrong source interface |
|
traceback netfs_thread_init |
|
DACL remain stale when when used with EzVPN NEM |
|
Traceback in Unicorn Proxy Thread (Old pc <fiber_yield+92 ) |
|
Implement "set connection timeout idle" for ASA/PIX |
|
traceback eip 0x08c4cab2 log_to_servers+1426 at /slib/include/channel.h |
|
CIFS access to Win2008 server via IP address is not working. |
|
WebVPN Full Customization with tunnel-group-list gives error in IE |
|
Traceback at thread name PIX Garbage Collector |
|
Numerous CPU-hogs in vpnfol_thread_timer |
|
Traceback on ASA during configuration of h323 inspection |
|
Unable to Browse to Domain Based DFS Namespaces |
|
ASA 8.0.4.7 Traceback in Thread Name: tmatch compile thread |
|
ASA5550 reloads in tmatch_compile thread on tmatch_element_release |
|
ASA is dropping arp on SSM-4GE |
|
sqlnet traffic causes traceback with inspection configured |
|
ASA does not decrement TTL for packet destined for VPN tunnel |
|
Remote access vpn unable to est after failover with DHCP assigned addr |
|
AAA: ASA is not responding in time when wrong credentials are supplied |
|
ENH: DNS Inspection Needs a Parameter to Allow Truncated DNS Responses |
|
dhcp-network-scope ip that matches interface can cause route deletion |
|
Traffic shaping with priority queueing causes packet delay and drops |
|
VPN: TCP traffic allowed on any port with management-access enabled. |
|
WebVPN: RDP Plugin does not work with ActiveX with large cert chain |
|
ip verify reverse-path interferes with packet-tracer's result output |
|
Anyconnect unable to establish DTLS tunnel if ASA IP address change |
|
No focus on 'More information required' radius challenge/response page |
|
Traceback on telnet/ci from "show nat" command |
|
Duplicate MAC addresses across ASA's in Security Contexts |
|
CSD: Group-url fails in Vault. |
|
WCCP Service Ports Missing in ASP Table when Adding Redirect ACL Entry |
|
Standby ASA traceback after becoming active, EIP snp_fp_inspect_dns+42 |
|
Radius Challenge not presented to anyconnect users at login |
|
The ASA traceback intermittent in IPSec |
|
Keepalive not processed correctly thru TCP Proxy |
|
"clear crypto ipsec sa entry" command doesnt seem to work |
|
Memory leak in 72 / 80 / 192 bytes memory blocks [ tmatch] |
|
ASA stops accepting IP from DHCP when DHCP Scope option is configured |
|
Unable to SSH over remote access VPN (telnet, asdm working) |
|
FW sends rst ack for tcp packet with L2 multicast mac not destined to it |
|
Traceback when editing object-group |
|
subintefaces on 4ge-ssm ports fail with mac-address auto and failover |
|
Traceback from thread DATAPATH-0-483 on failover |
|
asdm does not connect to secondary on failover |
|
Issue with RTP Pinhole timeout |
|
CPOC: Watchdog Traceback in snp_flow_free / snp_conn_release |
|
ASA's DOM wrapper issue- Clientless XSS |
|
ASA WebVPN HTTP server issue-XSS |
|
WebVPN FTP and CIFS issue |
|
WebVPN: full customization disables dap message |
|
Sip inspection is dropping ftp secondary connection on port 5060 |
|
WebVPN: ASA can't support IP/mask based NTLM SSO consistently |
|
ASA fails to redirect traffic to WCCP cache server |
|
AIP-SSM stays in Unresponsive state after momentary voltage drop |
|
websense restriction access page does not display |
|
ESMTP inspection "match MIME filetype" matches on file content as well |
|
Memory leak in Webvpn related to CIFS |
|
Watchdog when inspecting malformed SIP traffic |
|
Traceback in Thread Name: Dispatch Unit (Old pc 0x081727e4 ebp 0xaad3cd1 |
|
DWA 8.5: Unable to send an e-mail with attachment. |
|
SNMP community string not hidden in 'show startup' or 'show conf' |
|
Traceback on Thread Name: AAA due to downloadable ACL processing |
|
Access-list allows port ranges with start-port greater than end-port |
|
traceback Thread Name: fover_tx after multiple SSH to active unit |
|
Traceback in ci/console after sh crypto ipsec sa |
|
Logging standby can create logging loop with syslogs 418001 and 106016 |
|
ASA traceback in inspect Skinny |
|
ASA: scp connection fails with error: unexpected filename |
|
console hangs for extended period of time when config-url is applied |
|
TCP Proxy mis-calculates TCP window causing connectivity problems |
|
ASA intermittently drops traffic for authenticated users w/auth-proxy |
|
SSH script running 'show vpn-sessiondb full remote' causes memory leak |
|
L2TP: DACL w/ Wildcard Mask not applied to L2TP over IPSec Clients |
|
Certificate mapping does not override the group chosen by URL |
|
IPSEC NAT-T - block may get dropped due to VPN handle mismatch |
|
webpage showing missing content. |
|
ASA disconnects IPSec VPN client at P2 rekey with vlan mapping in grppol |
|
Stuck EIGRP ASP entry prevents neighbor from coming up |
|
CRL request failure for Local CA server after exporting and importing |
|
ASA: If CA cert import fails will delete id cert under same trustpoint |
|
Remove ability to add WebVPN group-alias with non-English chars via CLI |
|
Traceback in thread SSH related to using help in policy-map config mode |
|
"switch ingress policy drops" are corrupted every 65535 packets |
|
PIX/ASA don't generate syslog 305005 on nat-rpf-failed counter increase |
|
acl-netmask-convert auto-detect cannot convert wildcard mask of 0.0.0.0 |
|
Session MIB to mirror sh vpn-sessiondb summary doesn't show proper info |
|
Failover pair with CSC-SSM: High CPU usage by SSM Accounting Thread |
|
OCSP connection failures leaks tcp socket causing sockets to fail |
|
"vpn-simultaneous-logins 0" does not prevent user access in all cases |
|
Customization editor: wrong URL of Save icon (text link is OK) |
|
ASA SSLVPN: Error contacting hosts when auto-signon configured |
|
Floating toolbar missing for ARWeb (Remedy) via clientless WebVPN |
|
Reseting the AIP module may cause the ASA to reload with a traceback |
|
ASA 5510 traceback with skinny inspection and phone proxy |
|
AC re-directed to IP address instead of hostname causes cert error |
|
Anyconnect fails to launch if interface ip address is mapped to a name |
|
Port Forwarding creates memory leak |
|
Traceback in capture when adding a dataplane match command |
|
PIX/ASA: L2L RRI routes removed after failover when using originate-only |
|
WARNING: The vlan id entered is not currently configured under any int |
|
WebVPN: RDP plug-in SSO fails. |
|
ASA traceback in Thread Name: Dispatch Unit with TCP intercept |
|
1550 Block Depletions leading to unresponsiveness |
|
ASA 5580 traceback in failover with DATAPATH-3-555 thread |
|
WebVPN: Specific RSS feed give blank page |
|
Burst Traffic causes underrun when QoS shaping is enabled on ASA |
|
Webvpn ACL that permits on tcp with no range does not work using DAP |
|
ASA should reject unuseable ip pool config |
|
ASA5580 snmpget will not provide output for certain OIDs |
|
ASA 8.0(4) traceback in Dispatch Unit due to stack corruption |
|
Memory leak in 72 / 80 bytes memory blocks [ tmatch] |
|
Stateful Failover looses connections following link down |
|
IP address in RTSP Reply packet payload not translated |
|
ASA: AnyConnect is allowed to connect twice with same assigned IP |
|
Smart Tunnels and POST params should support "\" in the username |
|
WebVPN: ST on Mac should popup the tunneled application when started |
|
IPsec/TCP fails due to corrupt SYN+ACK from ASA when SYN has TCP options |
|
CSD: flash:/sdesktop/data.xml file gets truncated when it is > 64kB |
|
L2TP with EAP auth stuck [%ASA-4-403102 - authentication pending] |
|
Traceback on Standby unit during configuration sync |
|
InCorectly added "Host Scan File Check e.g 'C:\' " breaks DAP Policies |
|
vpn-sessiondb : Address sorting is incorrect |
|
access-list logging prints 106100 syslog always at informational level |
|
DAP dap.xml file corrupt after replication |
|
MAC OSX: Smarttunnel applications don't use name resolution |
|
ASA 8.2.1 reloads in "ldap_client_thread" on "Get AD Groups" via ASDM |
|
WebVPN: IE shows secure/unsecure items messages |
|
sh vpn-sessiondb displays incorrect peer for dynamic to static l2l |
|
TCP sessions remain in CLOSEWAIT indefinitely |
|
dhcprelay issue after configuration changes in multi context mode |
|
Traceback - Thread Name: Dispatch Unit with skinny inspect enabled |
|
Citrix ICA on Macintosh over Smart Tunnel fails |
|
WebVPN: Disabling CIFS file-browsing still allows shares to be viewed. |
|
Clientless WebVPN memory leak in rewriter while compressing/decompressin |
|
ASA5580 interfaces does not come up when interfaces are shut/no shut |
|
Syslogs are incorrectly logged at level 0 - emergencies |
|
Traceback when threat detection is disabled and using jumbo frames |
|
ASA - traceback in datapath |
|
Traceback in Thread Name: Dispatch Unit, Page fault |
|
Duplicate shun exemption lines allowed in configuration |
|
Traceback in ak47 debug command. |
|
Clientless SSL VPN Script Errors when accessing DWA 8.5 |
|
ASA: Memory leak when secure desktop is enabled |
|
WebVPN: JavaScript does not process an expression correctly |
|
Memory leak associated with WebVPN inflate sessions |
|
MAC Smart Tunnel fails for certain Java web-applications |
|
webvpn: Issue w/ processing cookie with quoted value of expire attribute |
|
IGMP Join From Second Interface Fails to Be Processed |
|
Traceback in unicorn thread (outway_buffer_i) |
|
SQLNET query via inspection cause communication errors |
|
ASA traceback in Thread Name: Unicorn Proxy Thread |
|
traceback: netfs_request+289 at netfs/netfs_api.c:89 |
|
ASA 5580 traceback in thread name DATAPATH-0-550 |
|
ASA - management sockets are not functional after failover via vpn |
|
Exhaustion of 256 byte blocks and traceback in fover_serial_rx |
|
WEBVPN - CIFS needs to be able to ask IPV4 address from DNS |
|
n2h2 Redirect Page Fails To Forward Under Load |
|
vpn-framed-ip-address does not accept /32 netmask |
|
Traceback in Thread Name: DATAPATH-2-567 |
|
CPU Hog in IKE Daemon |
|
'Per-User-Override' Keyword Removed from an 'Access-Group' Line |
|
PIX/ASA: IOS ezvpn ipsec decompression fails with ASA as ezvpn server |
|
DH group 5 freezes IKE processing for about 80ms |
|
Clientless SSL: Citrix Web Interface XenApps 5.1 client detection fails |
|
Traceback in Datapath-1-480 |
|
Active/Active FO fails when using a shared interface with the same name |
|
Syslog id 302014 shows TCP Reset-O for RESET generated by ASA |
|
L2TP still has auth stuck [%ASA-4-403102 - authentication pending] |
|
PAT Replication failures on ASA failover |
|
WebVPN: RDP plugin shell parameter not working for ActiveX |
|
Standby ASA leaking memory in webvpn environment |
|
Traceback in fover_parse on secondary FO unit |
|
Traceback in Thread Name: aaa |
|
"show service-policy" output for policing shows wrong "actions: drop" |
|
ASA VPN dropping self-sourced ICMP packets (PMTUD) |
|
POST plugin uses Port 80 by default even when csco_proto=https |
|
Smart tunnel bookmark failed with firefox browser |
|
Strip-realm is not working with L2TP-IPSEC connection type |
|
"show conn detail" does not indicate actual timeout |
|
H323: Disable H323 inspect in one context affects H323 inspect in other |
|
WebVPN group-url with a trailing "/" treated differently |
|
WebVPN: Plugin parameter "csco_sso=1" doesn't work in browser favorites |
|
WebVPN: Plugin parameter "csco_sso=1" doesn't work with "=" in password |
|
WebVPN: XML parser and tags with dot. |
|
"Lost connection to firewall" Message in ASDM with "&" in nameif |
|
WebVPN: wrong arg count in Flash rewriter |
|
IPSec over TCP tunnel dropped after launching CIPC |
|
ASA traceback in Thread Name: Dispatch Unit, Abort: Assert Failure |
|
WebVPN - PeopleSoft issue |
|
Traceback when adding "crypto ca server user-db email-otp" |
|
ASA5580 8.1.2 without NAT RTSP inspection changes video server's IP |
|
ASA WEBVPN page rendering issue with forms and Modal dialog |
|
IKE phase 2 for secondary peer fails with connection-type originate-only |
|
H323 inspection fails when multiple TPKT messages in IP packet |
|
ASA: Threat Detection may not release all TD hosts upon disabling |
|
FTP transfers fail thru OSPF-enabled interfaces when failover occurs |
|
Standby ASA reloading because unable to allocate ha msg buffer |
|
Conn ID in %ASA-6-302016 is represented signed instead of unsigned |
|
Group Alias no longer accepts spaces - Broadview |
|
WebVPN Traceback in Unicorn Proxy while rewriting Java applets |
|
Doc: RDP Plugin /?console=yes parameter |
|
Url filter: Need to disable TCP CP stack Nagles algorithm |
|
Inspect ESMTP messages have flipped source and destination |
|
Need better error message for VLAN Mapping for NEM Clients not supported |
|
Cannot open DfltCustomization profile after downgrade from 8.2(1) to 8.0 |
|
Async lock queue back pressure control enhancement |
|
ASA SMP traceback in CP Midpath Processing |
|
ASA traceback has affected failover operation |
|
ASA unable to assign IP address for VPN client from DHCP intermittently |
|
ASA traceback in tmatch compile thread on tmatch_element_release |
|
WebVPN Re-writer formats search results incorrectly in Firefox |
|
TD reporting negative session count |
|
TD may report attackers as targets and vice versa |
|
assert in thread DATAPATH-1-467 on ASA5580 |
|
ASA memory leak one-time ntlm authentication |
|
Upgrade to 8.2.1 causes boot loop |
|
Inspection with Messenger causes a traceback |
|
ASA bootloops with 24 or more VLANs in multimode |
|
show chunkstat should not output empty sibling chunks |
|
Unable to reload appliance when out of memory |
|
memory leak in SNP Conn Core exhausts all memory via chunk_create |
|
When CRL cache is empty revocation check falls back to "NONE" |
|
Policy NAT ignored if source port used in access-list |
|
ASA traceback in 'Thread Name: ssh' when working with captures |
|
Secondary language characters displayed on Web Portal |
|
WebVPN: RDP plug-ing SSO fails when username contains space |
|
enable_15 user can execute some commands on fallback to LOCAL db. |
|
8.2 Auto Signon domain parameter does not work with CIFS |
|
Removed ACL permits inbound packets |
|
Deleting group-policy removes auto-signon config in other group-policies |
|
ASA: SIP inspect not opening pinhole for contact header of SIP 183 msg |
|
Trustpoint certificate will not be updated after re-enrollment |
|
ASA traceback in Thread Name: snmp |
|
Unable to use the search on a webpage through Webvpn |
|
Memory leak in the WebVPN memory pools |
|
WebVPN: rewriter adds port 80 to server without checking |
|
tcp-intercept doesn't start 3WH to inside |
|
Traceback in Dispatch Unit AIP-SSM Inline and nailed option on static |
|
Phone Proxy Dropping RTP Packets After Prolonged Inactivity from Inside |
|
ASA tracebacks in Thread Name: vPif_stats_cleaner |
|
PP: tls-proxy may not get initialized properly for phone-proxy |
|
"clear cry isakmp sa <ip>" doesnt work if there's no corresponding P2 SA |
|
Traceback in Thread Name: PIX Garbage Collector |
|
ASA traceback thread name dispatch unit, assertion calendar_queue.h |
|
MAC OS VMWARE web applications VDI do not work with smart-tunnel |
|
Reload with traceback in Thread Name: CP Midpath Processing |
|
Unnecessary SNAP frame is sent when redundant intf switchover occurs |
|
Show service-policy output needs to be present in show tech |
|
ifSpeed for redundant interfaces show zero values |
|
Duplicate ASP crypto table entry causes firewall to not encrypt traffic |
|
CIFS 'file-browsing disable' blocks access to share if '/' at end of url |
|
LDAP CRL Download Fails due to empty attribute |
|
Traceback in 'ci/console' when Failing Over with Phone Proxy Configured |
|
Problem with cp conn's c_ref_cnt while release cp_flow in tcp_proxy_pto |
|
ASA source port is reused immediately after closing |
|
NetFlow references IDB Interface Value instead of SNMP ifIndex |
|
Automatically added AAA command break ASA5505EasyVPN client |
|
webvpn-cifs: Not able to browsing CIFS shared on server 2008 |
|
WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put |
|
ASA (8.2.1) traceback in dhcp_daemon |
|
Javascript: Mouseover not working through WebVPN |
|
AAA session limit reached with cert-only authentication |
|
Traceback: DATAPATH w/ asp-drop circular-buffer capture |
|
ASA:assert 0 file:"match_tunnelgrp_chain.c" when altering service policy |
|
System hang after reload quick when out of memory |
|
WEBVPN: ASP.NET file link with backslash is modified to a forward slash |
|
Standby unit traceback when active reloads |
|
Traceback: Unicorn Proxy Thread With Forms Based Auth |
|
ASA WebVPN CIFS tries to connect to type GROUP name |
|
Mem leak in Radius_Coalesce_AVpairs |
|
Memory leak in CRL_CheckCertRevocation |
|
QOS policy-map with match tunnel-group is not applied after reload |
|
TCP SIP Call Dropped When Resuming from Hold Due to Incorrect Timeout |
|
npshim: memory leak denies SSL access to/from ASA |
|
Webvpn- rewrite : ASA inserts lang=VBScript incorrectly |
|
tmatch_compile_thread traceback w/ low mem condition due to huge vpn acl |
|
Dynamic NAT Idle Timeout not Reset on Connection Activity |
|
RDP SSO doesn't send pass |
|
On boot, TACACS server is marked FAILED if defined by DNS name |
|
Traceback with SIP pinhole replication Thread Name: Dispatch Unit |
|
ASA 8.0.4 Smarttunnel Relay.dll crashes browser if proxy is configured |
|
WebVPN: in DWA 8.5.1 404 occurs while email preview |
|
Console hangs when trying to write mem or view config |
|
Personalized Bookmarks do not account for authentication realms |
|
memory leaks after anyconnect test with packet drops |
|
ASA: standby unit traceback during failover replication |
|
ASA passes reset packets after a connection is closed |
|
ASA traceback: Thread Name: IKE Daemon |
|
Malformed IKE traffic causes rekey to fail |
|
ASA: Traceback during NTLM authentication |
|
Clientless WebVPN: Errors with DWA 8.5 (Domino Web Access / Notes) |
|
When SAPI tcp-proxy buffer exceeding limit generates misleading syslog |
|
Active/Active - Failover status flaps when shared interface link is down |
|
WebVPN: Cisco Port Forwarder ActiveX does not get updated automatically |
|
SSL lib error. Function: DO_SSL3_WRITE while making cert only SSLVPN |
|
DHCP Proxy -2s delay between consecutive DHCP lease renew after failover |
|
Radius authentication fails after SDI new-pin or next-code challenge |
|
asa https authentication (with/without listener) doesn't prompt |
|
Traceback: CTM message handler - L2TP and crypto reset - stack overflow |
|
vpnlb_thread traceback under low mem condition due to huge vpn acl |
|
emweb/https traceback under low memory condition |
|
WebVPN: Firefox users have issues searching with google |
|
Traceback in Thread Name: SiteMinder SSO Request |
|
ASA watchdog when inspecting malformed SIP traffic |
|
Personal Bookmark using plugins won't use parameters other than the 1st |
|
IMPORTANT TLS/SSL SECURITY UPDATE |
|
Launching ASDM triggers ASA software traceback |
|
assertion "t->stack[0] == STKINIT" failed: file "thread.c", line 743 |
|
New active member should send SNAP frames for MAC address table update |
|
ASA not displaying pictures on the portal page |
|
ASA: Webvpn CIFs does not refresh updated files |
|
Traceback when CSR is generated |
|
LDAP CRL Download Fails due to empty attribute pki-cro |
|
ASA traceback in Thread Name: Checkheaps |
|
SNAP frame with MAC address learned on management-only interface is sent |
|
ASA not getting IPv6 ND sollicitation on subinterfaces |
|
pim spt infinity can cause dp-cp queue overload and affect eigrp, pim, . |
|
IPsec: Outbound context may be deleted prematurely |
|
Traceback on secondary with SIP connection replication |
|
ASA - 1550 block leaking due to email proxy |
|
re-adding class in policy-map causes undesired behavior-see CSCte80609 |
|
ASA: ip IPSec SA not brought up if similar icmp SA is up |
|
ASA assert "new_flow->conn->conn_set == NULL" failed: file "snp_mcast.c" |
|
ASA traceback when new DHCPD commands entered |
|
TCP RSTs returned from inline IPS are dropped on multi-context ASA |
|
Connection once entered into discard state and remains in discard state |
|
traceback in checkheaps during backup of asa with smartcare appliance |
|
ASA fails SSO authentication with Entrust GetAccess |
|
ASA running 8.0.4.32 traceback in Thread Name: Dispatch Unit |
|
Remove uninformative Peer Tbl remove messages |
|
Error event causes Syslog 199011 "Close on bad channel in process/fiber" |
|
VPN session not replicate to Standby after Failover State Link failure |
|
checkheaps causes nested traceback |
|
FTP download for files larger than 2GB doesn't work properly |
|
ASA5580 drops outbound ESP pkt if original pkt needs to be fragmented |
|
CA ServiceDesk hidden frame not showing |
|
Active ASA tracebacks in Thread Name: Dispatch Unit |
|
Disable URL entry should only disable http/https |
|
ASA 8.0.5 snmp-server re-configuration can cause socket used messages |
|
ASA may allow authentication of an invalid username for NT auth |
|
ASA doesn't allow username length of <4 characters |
|
msgid in Language Localization are not synchronized |
|
SSL sockets stuck in CLOSE_WAIT status using webvpn |
|
Encoded error message issue in /+CSCOE+/logon.html |
|
Standby ASA tracebacks in Thread Name: vpnfol_thread_msg |
|
ASA anyconnect DTLS CONN is torn down when tftp error MSG is rvd- CIPC |
|
ASA5580 traceback in thread DATAPATH-2-476, eip rt_timer_cancel_callback |
|
assertion "*cntp != 0" failed: file "mp-datastruct/mp_mutex_rw_lock.h" |
|
Cookie being set improperly due to webvpn misreading firefox flags |
|
WebVPN Smart Tunnel failing for ProPalms Application |
|
VPN user cannot ping to inside interface with management-access config |
|
WebVPN user-storage does not work if user logon as DOMAIN\Username |
|
OWA 2003 To, CC, BCC buttons in address book does not work with webvpn |
|
ASA HW client: deny rule for DHCP should account for remote subnets |
|
ASA - Memory depleting 1% per day due to snmp-server ipsec configuration |
|
Traceback in Dispatch Unit (Old pc 0x08180444 ebp 0xc793d980) |
Revision: Version 8.1.2(23) – 05/04/2009
File: asa812-23-smp-k8.bin
Defects resolved since 8.1.2(12):
VPN: Need to add NAT-T support for
RFC3947 |
|
ENH - Need ability to clear all
captures simultaneously |
|
hic-fail-group-policy
command needs to be removed |
|
SIP does not support 'early RTCP' |
|
ASA traceback
in Dispatch Unit (Old pc 0x00223a67 ebp 0x018b12f8) |
|
High CPU utilization due to OSPF |
|
When long url
triggers syslog 304001 ASA stops sending syslogs to ASDM |
|
match
resp body length for http class-map doesnt take correct value |
|
ASA decrements TTL twice with AIP
module in policy |
|
When routes change, connections should
be updated automatically |
|
context
using SSM app in promiscuous mode shows incorrect memory usage |
|
Without authproxy
currently configured, authproxy DACLs
may become stale |
|
ASA: rate-limiting for encrypted s2s
traffic not consistently handled |
|
Intf
monitoring table for ASDM history stats shows the wrong timestamp |
|
Tracebacks
on standby unit (Thread Name: lu_rx) |
|
WebVPN:
Landing on application other than Home in portal |
|
ASA denial of service on dhcp server |
|
Watchdog traceback
in CTM under high data load/small packets |
|
"show asp
table classify" doesn't show WCCP domain |
|
Extend show ak47 to display per pool
and per block information |
|
SSL VPN: Clientless mangling issue with
certain Websites |
|
WEBVPN RDP plugin
window keys are incorrect. Shift (key) .jar |
|
'mac-address
auto' causes interfaces to fail |
|
NAT_PAT: ASA should give error for
mismatched policy nat ACL |
|
Telnet connection permitted to lowest
security level interface |
|
Mapped named interfaces with certain
names might not be seen in contexts |
|
ip
audit attack config causes info signatures to be
triggered |
|
ASA may traceback
with certain HTTP packets |
|
Traceback
occurs when using DH group 7 |
|
Webvpn memory leak in ramfs-blocks |
|
Smart Tunnel on Mac Leopard 10.5.x
failing |
|
ASA 8.04 - certificate chain not being
sent when configured w/ IPSEC RA |
|
L2TP with EAP auth stuck [%ASA-4-403102
- authentication pending] |
|
Multiple certificates are installed to
one trustpoint when importing. |
|
Standby console freezes if user logs in
prior to detecting mate |
|
ssl
vpn related memory corruption causes traceback |
|
ENH Failover ability to switchover if
FO LAN communication is severed |
|
PMTUD - ICMP type 3 code 4 generated
for GRE flow is dropped 313005 |
|
Java Applet Signing Error..plugins still use old expired certificate |
|
Telnet and SSH bookmarks greyed out |
|
custom
dns group is ignored in WebVPN
searches - error contacting host |
|
sqlnet
traffic causes traceback with inspection configured |
|
"Error Contacting Host" when
accessing CIFS shares with spaces |
|
SACK is dropped when TCP inspection
engines are used |
|
PP: phone cannot register when
configured as Authenticated on UCM |
|
SSL VPN: Java-rewriter: memory leak
implicating WebVPN |
|
ASA webvpn
auto-signon cmd help for
FTP incorrectly show CIFS auth type |
|
Watchdog failure in fover_FSM_thread |
|
Traceback
in IKE Daemon (Old pc 0x080f3c55 <ctm_wait_for_synchronous_com |
|
Traceback
on Standby after excuting "show vpn session remote" |
|
Identity cert being imported without
errors, if conflicting with CA cert |
|
ASA automatically restarting after
receiving OCSP response |
|
1550 block leaks leading active ASA to
reload |
|
ASA traceback
in Thread Name: netfs_thread_init |
|
PIX/ASA LDAP authentication doesn't
work over tunnel |
|
PP: Explicit ACL deny will cause secure
phones to fail registration |
|
set
nat-t-disable in crypto map does not override
global nat-t config |
|
"revocation
check ocsp none" does not reject revoked
certificates |
|
Traceback
in Thread Name: fover_parse |
|
IGMP Join fails on subinterface
after upgrade to 8.1(2) |
|
Wrong counters in "show int" for Redundant interface |
|
PPPoE
re-negotiation does not start after short disconnect |
|
VPN: TCP traffic allowed on any port
with management-access enabled. |
|
%PIX|ASA-3-713128 should be logged as a lower
level message |
|
ASA: Password-Expiry fails for anyconnect
when authorization is enabled |
|
5580 traceback
implicating snp_nat_find_portlist w/ stress test |
|
Entering interface ?
from cmd specific config mode returns to global cfg |
|
Both ASAs are
active when FO interfaces are directly connected |
|
ASDM might show 'n/a - config out of sync' for top ACLs |
|
SSL VPN: Script Errors When Accessing
DWA 8.0.2 |
|
Failover slow to switchover when LAN
interface connected with crossover |
|
Spaces in DAP record name should be
allowed |
|
SNMP traps for certain contexts not
generated |
|
ASA 5505 ezvpn
may leak memory due to startup errors |
|
ASA may traceback
with Thread Name: emweb/https |
|
Citrix not working in 8.0.4.22 |
|
uauth
inactivity timer not taking effect |
|
ASA/CSD - certificate mapping does not
work if CSD is enabled |
|
static
route: ASA should not accept static multicast routes |
|
WebVPN
CIFS: uploading files fails sometimes to HomeServer |
|
Traceback
during large ACL Compilation - driver ioctl call |
|
OCSP revocation stops working after
some time on Cisco ASA |
|
Adding shared interface to second
context stops traffic to 1st context |
|
ASA may processe
LDAP password policy with no password-management |
|
CSD: Unable to run smart-tunnel inside
"browser only" vault |
|
SIP Inspection Doesn't NAT Call-info
field in SIP Notify message |
|
ASA Local CA and caSe
SenSiTiviTy - p12 file vs. username conflict |
|
ASA allows VPN user although Zonelabs Integrity firewall rejects |
|
Automatically added AAA command break
ASA5505EasyVPN client after reboot |
|
Tacacs
Command Accounting does not send packet for 'nat-control' |
|
aaa
Page fault: Invalid permission when box is under moderate stress |
|
CIFS URI cutoff after 15 characters |
|
ASA traceback
upon failover with interface monitor enabled |
|
High memory usage in chunk_create |
|
ASA - High CPU by function "branch_height" from CPU profile |
|
VMWARE web applications (view/vdm) do not work with smart-tunnel |
|
TCP Proxy drops the keepalives
ACK sent on H225 conn, call gets dropped |
|
Traceback
in thread name Dispatch Unit |
|
Stateful
Conns Disappear From Standby During Failover |
|
Adding shared interface to second
context stops traffic to 1st context |
|
Crypto CA limited to 65536 requests |
|
ASA might automatically restart after
issuing 'show vpdn' |
|
ASA 8.0.4 traceback
in Thread Name: IKE Daemon |
|
WCCP Service Ports Missing in ASP Table
when Adding Redirect ACL Entry |
|
AC with CSD and DAP for Posture Assement matches wrong DAP Policy |
|
Failover pair both become active after
failover w/shortest timeout conf. |
|
Adding host to http access results in
Could not start Admin error |
|
ifHighSpeed
and ifSpeed values are zero for 10G operational
interfaces |
|
ifType
values returns as other (1) for 10G interfaces |
|
PIX/ASA traceback
with Thread Name: CMGR Server Process |
|
ASA5580-20 traceback
in CP Processing |
|
Syslog
113019 Disconnect reason not working |
|
Adding pause frame sending capability
for ASA 5580 10GE interface |
|
Webvpn
error recovery events caused by improper error handling |
|
no
pim on one subif disables
eigrp on same physical of 4 ge
module |
|
process_create
corrupt ListQ memory when MAX_THREAD is exceeded |
|
ASA Improve RADIUS accounting
disconnect codes for vpn client |
|
Proper handling of robots.txt on Cisco
ASA SSLVPN |
|
DDNS: A RR update fails if cache entry
exists in show dns-host |
|
ASA might automatically restart in
Thread Name: ppp_timer_thread |
|
File upload causes hang without
recovery |
|
Traceback
in Thread Name: aaa when using Anyconnect
with certificate |
|
PP: ASA should not reply to pings sent
to MTA with outside interface IP |
|
Failover pair is not able to sync config and stuck in Sync Config
state |
|
Cisco ASA may traceback
after processing certain TCP packets |
|
Smart Tunnels and POST parameters
should be interoperable |
|
ASA 8.2 Beta does not work with /31
subnet on failover interface config |
|
qos:
traceback in thread name: ssh,
eip mqc_get_blt_def |
|
Using phone-proxy got assertion "ip.ip_version == IP_VERSION_4" |
|
ESMTP inspection drops DKIM signatured emails with content-type |
|
inspect-mgcp: call-agent name and gateway name disappears after a
reboot |
|
Incorrect severity for ASA syslog message 106102 |
|
Names not supported in EIGRP
summary-address command |
|
"clear
crypto ipsec sa
entry" command doesnt work |
|
Traceback
due to illegal address access in Thread Name: DATAPATH-0-466 |
|
webvpn
cifs unc url doesn't work |
|
Interface fails to pass traffic because
soft-np shows interface as down |
|
ASA Traceback
in Thread fover_FSM_thread with A/A FO testing |
|
Lua
recovery errors observed during boot in multiple-context mode |
|
traceback
in Dispatch Unit: Page fault: Address not mapped |
|
Tacacs
connection match accounting does not display port information |
|
" crypto
map does not hole match" message pops up during conditon
debug |
|
Redundant interface as failover link
lose peer route after reload |
|
Traceback
on standby while processing write memory if context is removed |
|
SSL rekey fails for AnyConnect
when using client-cert authentication |
|
ASA: traceback
with thread name "email client" |
|
ASA 5580 reboots with traceback in threat detection |
|
Shared int Mac add auto reload primary there will be some
packet loss |
|
the
procedure of copying a file from ramfs to flash
should be atomic |
|
ASA: LDAP Password-expiry with
Group-Lock locks users out |
|
Traceback
due to assert in Thread Name: DATAPATH-0-466 |
|
XSS via Host: header in WebVPN Request. |
|
Redundant interface is down if any
member is down at boot |
|
Unable to add member interface to
Redundant Interface |
|
Remove "Server:" directive
from SSL replies when CSD enabled |
|
ASA5505 should not allow pkts to go thru prior to loading config |
|
ASA - Log messages for all subinterfaces seen when adding just one vlan |
|
ASA inspect pptp
does not alter Call ID in inbound Set-Link-info packets |
|
Smart Tunnel failing on MAC 10.5.6 with
Firefox 2 and Safari |
|
ASA doesn't properly handle large SubjectAltName field - UPN parse fails |
|
Using name aliases for the interface
will cause vpn lb to break |
|
WebVPN
Flash rewriter may not clean up all temporary files |
|
Memory leaked when matching tunnel group
based on URL |
|
Logging standby can create logging loop
with syslogs 418001 and 106016 |
|
Long delay before standby becomes
active if unit holdtime misconfigured |
|
Unexpect
Syslog: No SPI to identify Phase 2 SA |
|
Management port in promiscuous mode
processes packets not destined to it |
Revision: Version 8.1.2(12) – 02/04/2009
File: asa812-12-smp-k8.bin
Defects resolved since 8.1.2:
CSCeh26990
'asdm image' command added to config
without user intervention
CSCsl41515
ASA traceback in Dispatch Unit (Old pc 0x00223a67 ebp 0x018b12f8)
CSCsm15079
ASA: 'vpn-idle-timeout none' behavior needs
clarification
CSCsm24047
DNS query is sent out before cmd is completed when dns enabled
CSCsm36960
DAP: Error selecting any DAP records
CSCso66470
Failure of 4GE module stops failover from working
CSCsq19457
ERROR: entry for address/mask = 0.0.0.0/0.0.0.0 may break webvpn
or ASDM
CSCsq43283
ASA traceback in thread webvpn_session_free
CSCsq48636
High CPU when nameif/security level changed for new
interface
CSCsq56045
SSO with Radius challenge/response - OTP is reused for internal sites
CSCsq77997
SSL VPN: Rewriting errors when caching enabled
CSCsq84093
PIX/ASA: Accounting packet shows "unknown" as username
CSCsq87422
"show failover" on PIX does not show monitored interfaces after
upgrade
CSCsq87533
DHCP Client not receiving DHCP ACK during addr
renewal with DHCP relay
CSCsq91271
IKE FSM for AM responder gets into bad state + error loop
CSCsr00298
Keepalive period for asdm_logging
is too long
CSCsr02395
copying config via tftp
breaks through ipsec l2l tunnel
CSCsr09436
FTP buffer logging queue not cleared when logging is disabled
CSCsr11493
ASDM - read-only users receive "enter network password" popup
CSCsr39311
CM SIP Trunk call failures due to ASA closing connection by inspection
CSCsr40409
WebVPN: Group-URL feature fails when connection
profile name has spaces
CSCsr53737
AnyConnect sessions dropped when Failover occurs with
HostScan
CSCsr58672
CPU hog in nat module when acls
are added
CSCsr65102
ASA 8.0.3.12 Traceback in Thread: aaa
CSCsr74265
ASA crypto HW error when trying to fragment small IP packet
CSCsr84465
Backup option in ASDM causes traceback on secondary
unit with failover
CSCsu00218
ASA 8.0(4) WEBVPN: Web-Type ACL incorrectly denies traffic with DAP
CSCsu00947
Webvpn: RDP plugin: Ignore
geometry if FullScreen parameter is present.
CSCsu03240
snmpgetnext not responding properly for cfwBufferStatValue OID
CSCsu05551
brief outage re-establishing failover link/state in active/active mode
CSCsu26592
ASA 7.2: FO replication not working for dACL with
wildcard netmask
CSCsu37451
"Interface number is -1" and no incoming traffic for a vlan interface
CSCsu38259
ASP Classify Table for WCCP not Updated on Service Port Change from CE
CSCsu39077
Translation table webvpn.po has no entry password and
verify password.
CSCsu44598
SQLNet inspection closes flow
CSCsu45313
Show capture generates traceback on ASA 5580 8.1
CSCsu47981
Failover of VPN connections not working with FIPS enabled
CSCsu58733
L2TP IPSec ASA send ESP packet with using old SA pair
CSCsu59140
Access-lists that use "interface" may not work if i/f
changes
CSCsu62772
Compilation of large ACL causes traffic outage
CSCsu62782
VPN traffic gets dropped after rekey w/ multiple cry seq#
for same peer
CSCsu63101
ASA pushes reversed mask and gw if dhcp-network-scope is in the GP
CSCsu65118
ASA: Traceback in Thread Name: ssh
CSCsu67417
Radius accounting request fails on ASA if we have many radius attributes
CSCsu68795
Redundant interface goes down after ASA resets
CSCsu69083
Incorrect Entry Installed in ASP Table for inbound TFTP by Phone Proxy
CSCsu69765
ASA nat command with VPN LB is lost after reload
CSCsu70543
ASA: LDAP doesn't do searchRequest for user if there
is an "\" in cert
CSCsu71696
Traceback in netfs_thread_init:
Page fault: Address not mapped
CSCsu72519
TD shuns UDP senders on standby ASA due to null-udp-session
timeout
CSCsu73112
Traceback on standby ASA 5580 running 8.1.1.9
CSCsu73337
WebVPN: POST Plugin fails
if no URL list defined
CSCsu75735
ASA 8.0.4 smart tunnel with auto-sign on sends wrong password to weburl.
CSCsu76101
Traceback in thread name Dispatch Unit
CSCsu77167
WebVPN: Group-URL fails with non default webvpn port
CSCsu77465
connection is not locked when releasing a child connection on standby
CSCsu77535
'error contacting host' accessing CIFS shares, occurs after 24 days
CSCsu79355
ASA: Isakmp SA not built out backup interface when
route changes
CSCsu84438
WEBVPN CIFS: Must have at least dir list access when mounting subfolders
CSCsu85188
ASA 7.2.4.15 traceback at Thread Name: IKE Daemon
CSCsu88174
Traceback in failover synchronization
CSCsu88302
When global PAT pools exhausted FTP data connections might fail
CSCsu88534
Filtering applied to all dest. ports
upon creation of a new intf
CSCsu90653
ASA: Disabling Isakmp User Auth Causes Webvpn Authentication to Fail
CSCsu92454
Standby 5580 Traceback in Thread Name: DATAPATH-7-563
CSCsu93506
Traceback in Thread Name: Dispatch Unit
CSCsu95114
ASA DHCP Relay Sourcing DHCP unicast msgs on udp 68 instead of udp 67
CSCsu97211
Traceback after configuring GTP inspection in second
class
CSCsu97665
L2TP: Mac Group Name option is failing: SA Proposals Unacceptable
CSCsu97825
L2TP/IPSec with vpn-filters in group-policy misbehave
CSCsu99482
ASA differs from concentrator group and user dACL
merge behavior
CSCsv01270
PIX memory stats through SNMP are incorrect
CSCsv02380
CSD's data.xml corrupted
after upgrade
CSCsv03262
Unavailable tacacs doesn't trigger fallback to LOCAL
authentication
CSCsv07104
clientless webvpn /smart tunnels usage triggers 256
byte block leak
CSCsv10354
ASA doesn't send client hostname to DHCP server for L2TP/IPSec clients
CSCsv10655
Traceback when Updating L2TP Username
CSCsv11062
Redistribute Command Does Not Check the Route-Map for Existence
CSCsv11650
mroute parsed incorrectly at startup when names used
CSCsv14927
Fragmented packets not passing through the shared interface on 5580
CSCsv15680
5580 traceback during Spirent stress test during 60s
clientless ramp up
CSCsv16410
Incorrect routing for EIGRP with redundant interfaces
CSCsv19091
fragmented mcast forwarding broken when NAT is
involved
CSCsv21224
ASA process invalid OSPF MD5 sequence numbers
CSCsv21501
Traceback caused by IKE functions
CSCsv24867
Stateful failover connections not deleted on standby
ASA
CSCsv27829
ASA 5580 stops forwarding traffic while checking CRL
CSCsv28360
SSH/Telnet are not started on Standby Unit
CSCsv28869
HTTP server should send Last-Modified header field for .jnlp
files
CSCsv32284
smart-tunnel command corrupting config when removed
from DfltGrpPolicy
CSCsv34429
Unable to configure ntp server when static PAT for
UDP/123 is configured
CSCsv39815
DAP: Bookmark URL list is not being concatenated
CSCsv42185
Suspected double free resulting in 5580 traceback
CSCsv42924
Traceback in ' Dispatch Unit' on ASA with AIP-SSM in
Inline Mode
CSCsv42964
TD scanning-threat does not pick up the correct rate threshold in syslog
CSCsv43219
Traceback in Ike Daemon Thread
CSCsv43401
cifs browsing fails when accessing any folders under
Japanese folder
CSCsv43552
Radius accounting request fails on ASA if we have many radius attributes
CSCsv44072
Traceback in Thread Name: IP Address Assign
CSCsv47296
sharepoint 2007:excel2003: upload file, edit, then
opened does not open
CSCsv52800
Traceback in Dispatch Unit when phones re-register
with different IP
CSCsv54122
ASA transparent mode: broadcast ARP reflected on same interface
CSCsv57765
Traceback in Thread Dispatch Unit with SIP and
possible IPv6 address
CSCsv59046
Traceback in Unicorn Proxy Thread, abort: watchdog
failure
CSCsv59883
ASA5510 Traceback when VPN timeout set to maximum
CSCsv63354
ASA 8.0.4.x - IPsec tunnel encaps
get frozen after 500Mb of traffic
CSCsv65244
SSL VPN:Incorrect mangling of URLs starting with \\,
like \\test-winc
CSCsv65768
Webvpn memory leak in ramfs-blocks
CSCsv65950
rri route disappearing after phase 2 rekey for
dynamic l2l tunnel
CSCsv65986
Smart Tunnel Enhancement: inform users when Smart Tunnel starts
CSCsv73652
ASA 5580 traceback in Crypto CA (Page fault)
CSCsv73982
syslog 305005 issued despite valid nat/global config
CSCsv76871
ASA may reload with traceback in thread name: vpnlb_thread
CSCsv77900
ASA/PIX may reload with traceback in thread: Dispatch
Unit (IPSEC CTCP)
CSCsv80536
ASA/PIX displays inconsistent value for 'Configuration last modified'
CSCsv81200
SQLNET transfer fails due to TCP proxy dropping unsupported TDS frames
CSCsv83232
Redundant ASA-507003 Syslog Printed for Denies by URL
Filtering
CSCsv86408
Phone Proxy: packet re-ordering and delay causes popping sound in call
CSCsv87869
Assert due to access of stale data during cert authentication.
CSCsv89678
80-byte Block Exhaustion in EIGRP with Phone Proxy Configured
CSCsv89730
Trraceback when zonelabs-integrity
server interface inside is configured
CSCsv91797
Nested Traceback: addressable memory check problem
CSCsv94394
Group-policy selected for the user is not passed to DAP properly
CSCsv95555
ASA may fail to send an ARP reply to zero-sourced request
CSCsv97790
Traceback: IKE Daemon (Old pc 0x0845712b
<IkeDaemon+171>
CSCsv97892
Traceback with Thread Name: IKE Daemon
CSCsw14645
Unable to browse DFS share throught webvpn when DFS replication is used.
CSCsw14926
Traceback: Thread Name: IP Thread
CSCsw16801
first login attempt fails if TACACS+ server behind IPSEC tunnel
CSCsw18184
Ethertype ACL with multiple remarks causes traceback
CSCsw20027
JavaScript and Flash rewriter may leak memory
CSCsw24890
Wildcard in WebType ACL does not recognize special
characters
CSCsw28388
ASA 8.04 - memory leak in DMA crypto free memory
CSCsw30301
Undefined message in AnyConnect page on WebVPN.
CSCsw31799
ASA traceback in thread Checkheaps
CSCsw32254
Traceback in 'ddns_dynamic_update_process'
Thread
CSCsw33175
Route-map to redistribute OSPF into EIGRP does not take effect
CSCsw36505
ASA 5505 SVI goes down even though an active port exists in the vlan
CSCsw43719
AnyConnect standalone group-url:Password
should be Passcode
CSCsw44081
Shut down Sub-Interface processes packets
CSCsw45716
RDP plugin not started with Java
CSCsw45739
rdp-plugin JAVA session does not have the
"home" or "logout" buttons
CSCsw46571
ASA traceback in Thread Name: Unicorn Proxy Thread
CSCsw48684
Unable to start ssh or telnet through webvpn when webtype acl in place
CSCsw50940
ASA traceback with an Address Not Mapped reason
CSCsw51590
ASA/PIX may experience memory leak related to WebVPN
(Chunkstat)
CSCsw51809
sqlnet traffic causes traceback
with inspection configured
CSCsw61870
ASA not trying next DNS server when receiving rcode 2
(Server Failure)
CSCsw65973
AnyConnect prompt for user/pass after Smartcard cert
authentication
CSCsw67427
ASA memory leak related to cert auth w/ webvpn
CSCsw69862
EZVPN with Autoconnect in NEM mode fails during rekey
CSCsw75418
pkts encrypt / pkts decrypt
/ pkts encaps / pkts decaps not shown
CSCsw75605
ASA 5580: U-turn not working for IPSec traffic
CSCsw75854
WebVPN: unmangled requests
on ESS module of SAP
CSCsw80656
ASA drops SYN-ACK destined to L2L tunnel with no connection message
CSCsw85062
ASA5580 reloads after entering show crypto proto stat command
CSCsw91497
Multicontext Transparent firewall with ASR groups
sets wrong Dest-MAC
CSCsx03746
"threat-detection statistics host" disappears
CSCsx04881
Webvpn bookmark redirects to webvpn
logout page
CSCsx05766
Smart tunnel'ed bookmark does not load with Java 6
update 10 onwards
CSCsx07146
LDAP: watchdog reload while doing large AD Group list retrieval