Cisco ASA Interim Release Notes

 

The software images listed below are Interim releases.  They contain bug fixes which address specific issues found since the last Feature or Maintenance release.  The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.

 

Important:  These images were not fully regression tested.  Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality.  Keep this testing status in mind if you decide to run them in a production environment.  We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.

 

Revision:  Version 8.1.2(56) – 10/10/2012

File:  asa812-56-smp-k8.bin

Defects resolved since 8.1.2(55):

 

CSCtf68934

Standby Unit not getting session replicated, rerr TCP and UDP increasing

CSCtw84068

DHCP Memory Allocation Denial of Service Vulnerability

CSCtz43942

skinny-inspect intermittently uses odd port for RTP stream

 

 

Revision:  Version 8.1.2(55) – 03/01/2012

File:  asa812-55-smp-k8.bin

Defects resolved since 8.1.2(50):

 

CSCtr47517

Protocol-Independent Multicast Denial of Service Vulnerability

CSCts46366

Slow memory leak by skinny

CSCtt28062

ASA 8.0(4)32 memory leak related to aaa process

CSCtt74695

wrong vpn-filter gets applied when peers have overlapping address space

CSCtv19854

Incorrect MPF conn counts cause %ASA-3-201011 and DoS condition for user

CSCtx58556

ActiveX RDP Plugin fails to connect from WIn7 PC after upgrade to 8.4(3)

 

 

 

Revision:  Version 8.1.2(50) – 10/06/2011

File:  asa812-50-smp-k8.bin

Defects resolved since 8.1.2(49):

 

CSCte90946

Multi-context ASA Resets a connection from Flooded packet

CSCti11757

SNMP: ASA responds after two SNMP requests

CSCtk61443

OpenSSL Ciphersuite Downgrade and J-PAKE Issues

CSCtl23397

ASA may log negative values for Per-client conn limit exceeded messg

CSCtl67486

ASA MSN inspection causes Watchdog

CSCtn08326

ESMTP Inspection Incorrectly Detects End of Data

CSCtn20148

EIGRP default-route is not displayed w/ "ip default-route" route removed

CSCto40365

Crafted TACACS+ reply considered as successful auth by ASA

CSCto53199

Traceback with phone-proxy Thread Name: Dispatch Unit

CSCtq07658

ASA: Traceback in ci/console on Standby unit

CSCtq57697

ILS inspection traceback on malformed ILS traffic

CSCtr78703

ASA 8.4.2 http inspection might break certain flows intermittently

 

 

 

 

Revision:  Version 8.1.2(49) – 03/12/2011

File:  asa812-49-smp-k8.bin

Defects resolved since 8.1.2(43):

 

CSCsd99542

Configure fail state link without IP addr causes LAND attack syslogs

CSCso65967

SIP builds many secondary conns with register msg but no registrar

CSCso96413

telnet connections to the box hang after telnet timeout expires

CSCtb20340

Removed ACL permits inbound packets

CSCtc20079

child flows created via established cmd torn down when parent is removed

CSCtc30025

PP: Incorrect Entry Installed in ASP Table for proxy-server command

CSCtc32872

TFW ENH: Management interface should operate in routed mode

CSCtc42215

ASA 8.2.1.4 traceback when webvpn capture is configured

CSCtc79922

MU sunrpc test for dump.call with truncated body cause traceback on

CSCtd27345

Failover replicated conns failed if failover lan/stateful link down

CSCtd27888

1-hour threat-detection enabled by "clear threat-detection rate"

CSCtd36422

TCP proxy in SIP inspection causing 1550 block deplete temporarily

CSCtd42963

threshold checking for average rate not working in threat-detection

CSCtd71913

WebVPN Application Access page not displayed if AES chosen

CSCtd93962

NAT with ACL statements causing long time to reboot.

CSCtd94385

ASA: Unable to pass traffic through an Airlink router w DTLS enabled

CSCte64811

ASA 8.04 - certificate chain not being sent during rekey w/ IPSEC RA

CSCte72114

SSH process may exist after being orphaned from SSH session

CSCte79575

ASA: TFW sh fail output shows Normal(waiting) when Sec unit is act

CSCte80609

Actions attached to class class-default don't apply to traffic

CSCte85803

After failover, skinny message are decoded as SCCPv0 instead of SCCPv17

CSCtf01287

SSH to the ASA may fail - ASA may send Reset

CSCtf13556

Slow memory leak in WebVPN related to CIFS cache

CSCtf20547

Cmd authorization fails for certain commands on fallback to LOCAL db

CSCtf22332

Thread Name: netfs_thread_init

CSCtf23469

ASA 8.0.5+ webvpn FTP bookmarks no longer will pass embedded user/pass

CSCtf24681

SNAP frames are sent from Management interface in Transparent mode ASA

CSCtf28464

Memory Leak In CIFS can casue memory depletion

CSCtf28466

ASA Fails to assign available addresses from local pool

CSCtf28467

Copy to disk0 without ":", prefills dest as disk0, cant delete/view file

CSCtf29867

Memory leak happens due to huge number of LDAP authentication failure

CSCtf33469

ASA 8.0.5 1550 block depletion with ASDM open

CSCtf46612

Option to change Pane Title missing from customization editor

CSCtf49095

ldap-dn password is in the clear within running config

CSCtf52703

ASA/w 4-GE-SSM shows module status unresponsive after power surge

CSCtf54034

DHCP learned route may not be removed at end of lease time

CSCtf55116

quiting "show controller" command with 'q' key triggers failover

CSCtf81810

OpenSSL Record of death

CSCtf96635

Removing HTTP server caused page fault traceback

CSCtg14368

ASA traceback when phone proxy debugging is enabled.

CSCtg17779

Flows torndown over VPN tunnel log 302014 with Flow closed by inspection

CSCtg18674

RSA Crossrealm Authentication fails to authenticate  for vpn users

CSCtg25510

ASA tracebacks in Thread Name: IPsec message handler

CSCtg28821

ASA:  AAA Session limit [2048] reached when xauth is disabled for vpn

CSCtg45851

Traceback: CP Processing

CSCtg48603

ASA traceback in Thread Name: Dispatch Unit

CSCtg66583

RIP denial of service vulnerability

CSCtg80816

Clientless WebVPN: DWA 8.0.2 fails to forward attachments

CSCtg81514

Webvpn with Citrix - Xenapp upgrade from 11.2 to 12.0 breaks app access

CSCtg84635

PP: signaling sessions are not removed after phone disconnects

CSCtg86810

show run all command causes SSH session hang

CSCth15152

Traceback typing "import webvpn webcontent /+CSCOU+/logon.inc stdin"

CSCth18720

Thread Name: lu_rx Page fault: Address not mapped

CSCth26474

Inspection triggers block depletion resulting in traffic failure

CSCth43128

ASA WebVPN : Forms don't get saved in CRM due to no pop-up

CSCth49826

Traceback in Unicorn Proxy Thread, address not mapped

CSCth63101

ASA  HTTP response splitting on /+CSCOE+/logon.html

CSCth68948

Memory not released after EZVPN client with cert fails authentication

CSCth74607

SMTP DATA packet ending with <CRLF>. wrongly considered as end of DATA

CSCth80945

ASA 8.3.1: Traceback with snp_fp_punt_block_free_cleanup

CSCth91572

per-client-max and conn-max does not count half-closed connections

CSCti09288

Traceback in Thread Name: lu_rx - gtp_lu_process_pdpmcb_info

CSCti20506

Transparent fw w/ASR group sets dstMAC to other ctx for last ACK for 3WH

CSCti22636

"failover exec standby" TACACS+ authorization failure

CSCti24526

Flood of random IPv6 router advertisements causes high CPU and DoS

CSCti35966

Traceback Thread Name: IKE Daemon Assert

CSCti38496

ASA SIP inspection does not rewrite with interface pat

CSCti43763

Management connection fail after multiple tries with SNMP connections.

CSCti62358

TFW mode regens cert every time 'no ip address' applied to mgmt int

CSCti72411

ASA 8.2.3 may not accept management connections after failover

CSCti76899

rtcli: traceback in rtcli async executor process, eip ci_set_mo

CSCti94480

Orphaned SSH sessions and High CPU

CSCti98855

Traceback in IKE Timekeeper

CSCtj20691

ASA traceback when using a file management on ASDM

CSCtj29076

ASR trans FW rewrites wrong dst. MAC when FO peers active on same ASA

CSCtj36804

Cut-through proxy sends wrong accounting stop packets

CSCtj93922

Standby unit sends ARP request with Active MAC during config sync

CSCtj96108

Group enumeration possible on ASA

CSCtj96230

H225 keepaplive ACK is dropped

CSCtk12352

Possible to browse flash memory when CA is enabled

CSCtk34526

SSH processes stuck in ssh_init state

CSCtl10877

ASA reload in thread name rtcli when removing a plugin

 

 

Revision:  Version 8.1.2(43) – 03/30/2010

File:  asa812-43-smp-k8.bin

Defects resolved since 8.1.2(23):

 

CSCsi27903

L2TP & NAC -> Default NAC policy prevents data from passing

CSCsi80967

Syslog over TCP: Should try to reconnect periodically to the server

CSCsj40174

SIP CRLF keepalives stall TCP-based SIP connections

CSCsk03602

FT: workaround for read-only flashes

CSCsk40907

DAP: Increase DAP aggregation max lists  lengths and make them dynamic

CSCsl17191

PIX/ASA PMTUD:  ICMP type 3 code 4 uses wrong source interface

CSCsm40830

traceback netfs_thread_init

CSCsq53127

DACL remain stale when when used with EzVPN NEM

CSCsu27158

Traceback in Unicorn Proxy Thread (Old pc <fiber_yield+92 )

CSCsu38244

Implement "set connection timeout idle" for ASA/PIX

CSCsu48860

traceback eip 0x08c4cab2 log_to_servers+1426 at /slib/include/channel.h

CSCsv36948

CIFS access to Win2008 server via IP address is not working.

CSCsv51025

WebVPN Full Customization with tunnel-group-list gives error in IE

CSCsv52169

Traceback at thread name PIX Garbage Collector

CSCsv71282

Numerous CPU-hogs in vpnfol_thread_timer

CSCsv71555

Traceback on ASA during configuration of h323 inspection

CSCsv73764

Unable to Browse to Domain Based DFS Namespaces

CSCsv86200

ASA 8.0.4.7 Traceback in Thread Name: tmatch compile thread

CSCsv94599

ASA5550 reloads in tmatch_compile thread on tmatch_element_release

CSCsv96545

ASA is dropping arp on SSM-4GE

CSCsw51809

sqlnet traffic causes traceback with inspection configured

CSCsw62827

ASA does not decrement TTL for packet destined for VPN tunnel

CSCsw70329

Remote access vpn unable to est after failover with DHCP assigned addr

CSCsw79486

AAA: ASA is not responding in time when wrong credentials are supplied

CSCsw80103

ENH: DNS Inspection Needs a Parameter to Allow Truncated DNS Responses

CSCsw85251

dhcp-network-scope ip that matches interface can cause route deletion

CSCsx07862

Traffic shaping with priority queueing causes packet delay and drops

CSCsx23611

VPN: TCP traffic allowed on any port with management-access enabled.

CSCsx49794

WebVPN: RDP Plugin does not work with ActiveX with large cert chain

CSCsx49878

ip verify reverse-path interferes with packet-tracer's result output

CSCsx50721

Anyconnect unable to establish DTLS tunnel if ASA IP address change

CSCsx52598

No focus on 'More information required' radius challenge/response page

CSCsx53529

Traceback on telnet/ci from "show nat" command

CSCsx62003

Duplicate MAC addresses across ASA's in Security Contexts

CSCsx76473

CSD: Group-url fails in Vault.

CSCsx83353

WCCP Service Ports Missing in ASP Table when Adding Redirect ACL Entry

CSCsy03579

Standby ASA traceback after becoming active, EIP snp_fp_inspect_dns+42

CSCsy10599

Radius Challenge not presented to anyconnect users at login

CSCsy16595

The ASA traceback intermittent in IPSec

CSCsy30717

Keepalive not processed correctly thru TCP Proxy

CSCsy48107

"clear crypto ipsec sa entry" command doesnt seem to work

CSCsy55762

Memory leak in 72 / 80 / 192 bytes memory blocks [ tmatch]

CSCsy56403

ASA stops accepting IP from DHCP when DHCP Scope option is configured

CSCsy57872

Unable to SSH over remote access VPN (telnet, asdm working)

CSCsy59225

FW sends rst ack for tcp packet with L2 multicast mac not destined to it

CSCsy71401

Traceback when editing object-group

CSCsy75345

subintefaces on 4ge-ssm ports fail with mac-address auto and failover

CSCsy75684

Traceback from thread DATAPATH-0-483 on failover

CSCsy75720

asdm does not connect to secondary on failover

CSCsy76537

Issue with RTP Pinhole timeout

CSCsy78105

CPOC: Watchdog Traceback in snp_flow_free / snp_conn_release

CSCsy80694

ASA's DOM wrapper issue- Clientless XSS

CSCsy80705

ASA WebVPN HTTP server issue-XSS

CSCsy80709

WebVPN FTP and CIFS issue

CSCsy80716

WebVPN: full customization disables dap message

CSCsy81426

Sip inspection is dropping ftp secondary connection on port 5060

CSCsy82188

WebVPN: ASA can't support IP/mask based NTLM SSO consistently

CSCsy82260

ASA fails to redirect traffic to WCCP cache server

CSCsy84268

AIP-SSM stays in Unresponsive state after momentary voltage drop

CSCsy85642

websense restriction access page does not display

CSCsy88174

ESMTP inspection "match MIME filetype" matches on file content as well

CSCsy88238

Memory leak in Webvpn related to CIFS

CSCsy91157

Watchdog when inspecting malformed SIP traffic

CSCsy92661

Traceback in Thread Name: Dispatch Unit (Old pc 0x081727e4 ebp 0xaad3cd1

CSCsy93180

DWA 8.5: Unable to send an e-mail with attachment.

CSCsy97437

SNMP community string not hidden in 'show startup' or 'show conf'

CSCsy98584

Traceback on Thread Name: AAA due to downloadable ACL processing

CSCsy98662

Access-list allows port ranges with start-port greater than end-port

CSCsy99063

traceback Thread Name: fover_tx after multiple SSH to active unit

CSCsz01314

Traceback in ci/console after sh crypto ipsec sa

CSCsz02807

Logging standby can create logging loop with syslogs 418001 and 106016

CSCsz06748

ASA traceback in inspect Skinny

CSCsz10128

ASA: scp connection fails with error: unexpected filename

CSCsz10339

console hangs for extended period of time when config-url is applied

CSCsz11180

TCP Proxy mis-calculates TCP window causing connectivity problems

CSCsz11835

ASA intermittently drops traffic for authenticated users w/auth-proxy

CSCsz12600

SSH script running 'show vpn-sessiondb full remote' causes memory leak

CSCsz17027

L2TP: DACL w/ Wildcard Mask not applied to L2TP over IPSec Clients

CSCsz18759

Certificate mapping does not override the group chosen by URL

CSCsz19296

IPSEC NAT-T - block may get dropped due to VPN handle mismatch

CSCsz20830

webpage showing missing content.

CSCsz22256

ASA disconnects IPSec VPN client at P2 rekey with vlan mapping in grppol

CSCsz24401

Stuck EIGRP ASP entry prevents neighbor from coming up

CSCsz26471

CRL request failure for Local CA server after exporting and importing

CSCsz29041

ASA: If CA cert import fails will delete id cert under same trustpoint

CSCsz32125

Remove ability to add WebVPN group-alias with non-English chars via CLI

CSCsz32354

Traceback in thread SSH related to using help in policy-map config mode

CSCsz33819

"switch ingress policy drops" are corrupted every 65535 packets

CSCsz34273

PIX/ASA don't generate syslog 305005 on nat-rpf-failed counter increase

CSCsz34300

acl-netmask-convert auto-detect cannot convert wildcard mask of 0.0.0.0

CSCsz34811

Session MIB to mirror sh vpn-sessiondb summary doesn't show proper info

CSCsz35484

Failover pair with CSC-SSM: High CPU usage by SSM Accounting Thread

CSCsz36816

OCSP connection failures leaks tcp socket causing sockets to fail

CSCsz37164

"vpn-simultaneous-logins 0" does not prevent user access in all cases

CSCsz37495

Customization editor: wrong URL of Save icon (text link is OK)

CSCsz38884

ASA SSLVPN:  Error contacting hosts when auto-signon configured

CSCsz39438

Floating toolbar missing for ARWeb (Remedy) via clientless WebVPN

CSCsz40743

Reseting the AIP module may cause the ASA to reload with a traceback

CSCsz42003

ASA 5510 traceback with skinny inspection and phone proxy

CSCsz43374

AC re-directed to IP address instead of hostname causes cert error

CSCsz43608

Anyconnect fails to launch if interface ip address is mapped to a name

CSCsz43748

Port Forwarding creates memory leak

CSCsz44078

Traceback in capture when adding a dataplane match command

CSCsz48558

PIX/ASA: L2L RRI routes removed after failover when using originate-only

CSCsz48653

WARNING: The vlan id entered is not currently configured under any int

CSCsz52448

WebVPN: RDP plug-in SSO fails.

CSCsz52937

ASA traceback in Thread Name: Dispatch Unit with TCP intercept

CSCsz53474

1550 Block Depletions leading to unresponsiveness

CSCsz54501

ASA 5580 traceback in failover  with DATAPATH-3-555 thread

CSCsz55620

WebVPN: Specific RSS feed give blank page

CSCsz58391

Burst Traffic causes underrun when QoS shaping is enabled on ASA

CSCsz59196

Webvpn ACL that permits on tcp with no range does not work using DAP

CSCsz61074

ASA should reject unuseable ip pool config

CSCsz62364

ASA5580 snmpget will not provide output for certain OIDs

CSCsz62566

ASA 8.0(4) traceback in Dispatch Unit due to stack corruption

CSCsz63008

Memory leak in 72 / 80 bytes memory blocks [ tmatch]

CSCsz63217

Stateful Failover looses connections following link down

CSCsz67729

IP address in RTSP Reply packet payload not translated

CSCsz70270

ASA: AnyConnect is allowed to connect twice with same assigned IP

CSCsz70541

Smart Tunnels and POST params should support "\" in the username

CSCsz70555

WebVPN: ST on Mac should popup the tunneled application when started

CSCsz70906

IPsec/TCP fails due to corrupt SYN+ACK from ASA when SYN has TCP options

CSCsz72175

CSD: flash:/sdesktop/data.xml file gets truncated when it is > 64kB

CSCsz72351

L2TP with EAP auth stuck [%ASA-4-403102 - authentication pending]

CSCsz72684

Traceback on Standby unit during configuration sync

CSCsz72810

InCorectly added "Host Scan File Check e.g 'C:\' " breaks DAP Policies

CSCsz73096

vpn-sessiondb : Address sorting is incorrect

CSCsz73284

access-list logging prints 106100 syslog always at informational level

CSCsz73387

DAP dap.xml file corrupt after replication

CSCsz73955

MAC OSX: Smarttunnel applications don't use name resolution

CSCsz75451

ASA 8.2.1 reloads in  "ldap_client_thread" on "Get AD Groups" via ASDM

CSCsz76191

WebVPN: IE shows secure/unsecure items messages

CSCsz77705

sh vpn-sessiondb displays incorrect peer for dynamic to static l2l

CSCsz77717

TCP sessions remain in CLOSEWAIT indefinitely

CSCsz78701

dhcprelay issue after configuration changes in multi context mode

CSCsz79757

Traceback - Thread Name: Dispatch Unit with skinny inspect enabled

CSCsz80366

Citrix ICA on Macintosh over Smart Tunnel fails

CSCsz80777

WebVPN: Disabling CIFS file-browsing still allows shares to be viewed.

CSCsz83417

Clientless WebVPN memory leak in rewriter while compressing/decompressin

CSCsz83798

ASA5580 interfaces does not come up when interfaces are shut/no shut

CSCsz85299

Syslogs are incorrectly logged at level 0 - emergencies

CSCsz86120

Traceback when threat detection is disabled and using jumbo frames

CSCsz86143

ASA - traceback in datapath

CSCsz86891

Traceback in Thread Name: Dispatch Unit, Page fault

CSCsz87577

Duplicate shun exemption lines allowed in configuration

CSCsz92485

Traceback in ak47 debug command.

CSCsz92650

Clientless SSL VPN Script Errors when accessing DWA 8.5

CSCsz92808

ASA: Memory leak when secure desktop is enabled

CSCsz93284

WebVPN: JavaScript does not process an expression correctly

CSCsz97334

Memory leak associated with WebVPN inflate sessions

CSCsz99458

MAC Smart Tunnel fails for certain Java web-applications

CSCta00078

webvpn: Issue w/ processing cookie with quoted value of expire attribute

CSCta01745

IGMP Join From Second Interface Fails to Be Processed

CSCta02877

Traceback in unicorn thread (outway_buffer_i)

CSCta03382

SQLNET query via inspection cause communication errors

CSCta06294

ASA traceback in Thread Name: Unicorn Proxy Thread

CSCta06806

traceback: netfs_request+289 at netfs/netfs_api.c:89

CSCta10301

ASA 5580 traceback in thread name DATAPATH-0-550

CSCta10530

ASA - management sockets are not functional after failover via vpn

CSCta12118

Exhaustion of 256 byte blocks and traceback in fover_serial_rx

CSCta13245

WEBVPN - CIFS needs to be able to ask IPV4 address from DNS

CSCta16164

n2h2 Redirect Page Fails To Forward Under Load

CSCta16720

vpn-framed-ip-address does not accept /32 netmask

CSCta18361

Traceback in Thread Name: DATAPATH-2-567

CSCta18472

CPU Hog in IKE Daemon

CSCta18623

'Per-User-Override' Keyword Removed from an 'Access-Group' Line

CSCta18741

PIX/ASA: IOS ezvpn ipsec decompression fails with ASA as ezvpn server

CSCta20344

DH group 5 freezes IKE processing for about 80ms

CSCta21219

Clientless SSL: Citrix Web Interface XenApps 5.1 client detection fails

CSCta23184

Traceback in Datapath-1-480

CSCta23935

Active/Active FO fails when using a shared interface with the same name

CSCta24704

Syslog id 302014 shows TCP Reset-O for RESET generated by ASA

CSCta25498

 L2TP still has auth stuck [%ASA-4-403102 - authentication pending]

CSCta26626

PAT Replication failures on  ASA failover

CSCta27250

WebVPN: RDP plugin shell parameter not working for ActiveX

CSCta27739

Standby ASA leaking memory in webvpn environment

CSCta28493

Traceback in fover_parse on secondary FO unit

CSCta32954

Traceback in Thread Name: aaa

CSCta33092

"show service-policy" output for policing shows wrong "actions: drop"

CSCta33419

ASA VPN dropping self-sourced ICMP packets (PMTUD)

CSCta36043

POST plugin uses Port 80 by default even when csco_proto=https

CSCta38552

Smart tunnel bookmark failed with firefox browser

CSCta39633

Strip-realm is not working with L2TP-IPSEC connection type

CSCta42035

"show conn detail" does not indicate actual timeout

CSCta42455

H323: Disable H323 inspect in one context affects H323 inspect in other

CSCta45256

WebVPN group-url with a trailing "/" treated differently

CSCta47556

WebVPN: Plugin parameter "csco_sso=1" doesn't work in browser favorites

CSCta47685

WebVPN: Plugin parameter "csco_sso=1" doesn't work with "=" in password

CSCta47769

WebVPN: XML parser and tags with dot.

CSCta49088

"Lost connection to firewall" Message in ASDM with "&" in nameif

CSCta49362

WebVPN: wrong arg count in Flash rewriter

CSCta54837

IPSec over TCP tunnel dropped after launching CIPC

CSCta55072

ASA traceback in Thread Name: Dispatch Unit, Abort: Assert Failure

CSCta55102

WebVPN - PeopleSoft issue

CSCta55567

Traceback when adding "crypto ca server user-db email-otp"

CSCta56375

ASA5580 8.1.2 without NAT RTSP inspection changes video server's IP

CSCta56895

ASA WEBVPN page rendering issue with forms and Modal dialog

CSCta57915

IKE phase 2 for secondary peer fails with connection-type originate-only

CSCta62631

H323 inspection fails when multiple TPKT messages in IP packet

CSCta73035

ASA: Threat Detection may not release all TD hosts upon disabling

CSCta78657

FTP transfers fail thru OSPF-enabled interfaces when failover occurs

CSCta79938

Standby ASA reloading because unable to allocate ha msg buffer

CSCta80025

Conn ID in %ASA-6-302016 is represented signed instead of unsigned

CSCta86483

Group Alias no longer accepts spaces - Broadview

CSCta88732

WebVPN Traceback in Unicorn Proxy while rewriting Java applets

CSCta89636

Doc: RDP Plugin /?console=yes parameter

CSCta92056

Url filter: Need to disable TCP CP stack Nagles algorithm

CSCta93115

Inspect ESMTP messages have flipped source and destination

CSCta93567

Need better error message for VLAN Mapping for NEM Clients not supported

CSCta94184

Cannot open DfltCustomization profile after downgrade from 8.2(1) to 8.0

CSCta94244

Async lock queue back pressure control enhancement

CSCta98269

ASA SMP traceback in CP Midpath Processing

CSCta99081

ASA traceback has affected failover operation

CSCtb01577

ASA unable to assign IP address for VPN client from DHCP intermittently

CSCtb01729

ASA traceback in tmatch compile thread on tmatch_element_release

CSCtb03881

WebVPN Re-writer formats search results incorrectly in Firefox

CSCtb04171

TD reporting negative session count

CSCtb04188

TD may report attackers as targets and vice versa

CSCtb05806

assert in thread DATAPATH-1-467 on ASA5580

CSCtb05956

ASA memory leak one-time ntlm authentication

CSCtb06293

Upgrade to 8.2.1 causes boot loop

CSCtb07020

Inspection with Messenger causes a traceback

CSCtb07060

ASA bootloops with 24 or more VLANs in multimode

CSCtb12123

show chunkstat should not output empty sibling chunks

CSCtb12184

Unable to reload appliance when out of memory

CSCtb12225

memory leak in SNP Conn Core exhausts all memory via chunk_create

CSCtb16769

When CRL cache is empty revocation check falls back to "NONE"

CSCtb17123

Policy NAT ignored if source port used in access-list

CSCtb17498

ASA traceback in 'Thread Name: ssh' when working with captures

CSCtb17539

Secondary language characters displayed on Web Portal

CSCtb18378

WebVPN: RDP plug-ing SSO fails when username contains space

CSCtb18901

enable_15 user can execute some commands on fallback to LOCAL db.

CSCtb18940

8.2 Auto Signon domain parameter does not work with CIFS

CSCtb20340

Removed ACL permits inbound packets

CSCtb20506

Deleting group-policy removes auto-signon config in other group-policies

CSCtb23281

ASA: SIP inspect not opening pinhole for contact header of SIP 183 msg

CSCtb25740

Trustpoint certificate will not be updated after re-enrollment

CSCtb27147

ASA traceback in Thread Name: snmp

CSCtb27753

Unable to use the search on a webpage through Webvpn

CSCtb31899

Memory leak in the WebVPN memory pools

CSCtb32114

WebVPN: rewriter adds port 80 to server without checking

CSCtb36994

tcp-intercept doesn't start 3WH to inside

CSCtb37219

Traceback in Dispatch Unit AIP-SSM Inline and nailed option on static

CSCtb38075

Phone Proxy Dropping RTP Packets After Prolonged Inactivity from Inside

CSCtb38344

ASA tracebacks in Thread Name: vPif_stats_cleaner

CSCtb39579

PP: tls-proxy may not get initialized properly for phone-proxy

CSCtb42847

"clear cry isakmp sa <ip>" doesnt work if there's no corresponding P2 SA

CSCtb42871

Traceback in Thread Name: PIX Garbage Collector

CSCtb45354

ASA traceback thread name dispatch unit, assertion calendar_queue.h

CSCtb45571

MAC OS VMWARE web applications VDI do not work with smart-tunnel

CSCtb48049

Reload with traceback in Thread Name: CP Midpath Processing

CSCtb49797

Unnecessary SNAP frame is sent when redundant intf switchover occurs

CSCtb52929

Show service-policy output needs to be present in show tech

CSCtb52943

ifSpeed for redundant interfaces show zero values

CSCtb53186

Duplicate ASP crypto table entry causes firewall to not encrypt traffic

CSCtb56128

CIFS 'file-browsing disable' blocks access to share if '/' at end of url

CSCtb57172

LDAP CRL Download Fails  due to empty attribute

CSCtb60778

Traceback in 'ci/console' when Failing Over with Phone Proxy Configured

CSCtb61326

Problem with cp conn's c_ref_cnt while release cp_flow in tcp_proxy_pto

CSCtb62670

ASA source port is reused immediately after closing

CSCtb63825

NetFlow references IDB Interface Value instead of SNMP ifIndex

CSCtb64480

Automatically added AAA command break ASA5505EasyVPN client

CSCtb64885

webvpn-cifs: Not able to browsing CIFS shared on server 2008

CSCtb64913

WEBVPN: page fault in thread name dispath unit, eip udpmod_user_put

CSCtb65464

ASA (8.2.1) traceback in dhcp_daemon

CSCtb65722

Javascript: Mouseover not working through WebVPN

CSCtb69486

AAA session limit reached with cert-only authentication

CSCtb86463

Traceback: DATAPATH w/ asp-drop circular-buffer capture

CSCtb86570

ASA:assert 0 file:"match_tunnelgrp_chain.c" when altering service policy

CSCtb89824

System hang after reload quick when out of memory

CSCtb98621

WEBVPN: ASP.NET file link with backslash is modified to a forward slash

CSCtb99389

Standby unit traceback when active reloads

CSCtc00487

Traceback: Unicorn Proxy Thread With Forms Based Auth

CSCtc00929

ASA WebVPN CIFS tries to connect to type GROUP name

CSCtc01815

Mem leak in Radius_Coalesce_AVpairs

CSCtc01864

Memory leak in CRL_CheckCertRevocation

CSCtc02642

QOS policy-map with match tunnel-group is not applied after reload

CSCtc03451

TCP SIP Call Dropped When Resuming from Hold Due to Incorrect Timeout

CSCtc03654

npshim: memory leak denies SSL access to/from ASA

CSCtc12240

Webvpn- rewrite : ASA inserts lang=VBScript incorrectly

CSCtc13966

tmatch_compile_thread traceback w/ low mem condition due to huge vpn acl

CSCtc18516

Dynamic NAT Idle Timeout not Reset on Connection Activity

CSCtc25115

RDP SSO doesn't send pass

CSCtc29220

On boot, TACACS server is marked FAILED if defined by DNS name

CSCtc30413

Traceback with SIP pinhole replication Thread Name: Dispatch Unit

CSCtc32826

ASA 8.0.4 Smarttunnel Relay.dll crashes browser if proxy is configured

CSCtc33398

WebVPN: in DWA 8.5.1 404 occurs while email preview

CSCtc35058

Console hangs when trying to write mem or view config

CSCtc35096

Personalized Bookmarks do not account for authentication realms

CSCtc40891

memory leaks after anyconnect test with packet drops

CSCtc41374

ASA: standby unit traceback during failover replication

CSCtc42064

ASA passes reset packets after a connection is closed

CSCtc43209

ASA traceback: Thread Name: IKE Daemon

CSCtc47782

Malformed IKE traffic causes rekey to fail

CSCtc48310

ASA: Traceback during NTLM authentication

CSCtc52217

Clientless WebVPN: Errors with DWA 8.5 (Domino Web Access / Notes)

CSCtc62281

When SAPI tcp-proxy buffer exceeding limit generates misleading syslog

CSCtc69318

Active/Active - Failover status flaps when shared interface link is down

CSCtc70548

WebVPN: Cisco Port Forwarder ActiveX  does not get updated automatically

CSCtc71135

SSL lib error. Function: DO_SSL3_WRITE while making cert only SSLVPN

CSCtc73117

DHCP Proxy -2s delay between consecutive DHCP lease renew after failover

CSCtc73833

Radius authentication fails after SDI new-pin or next-code challenge

CSCtc78636

asa https authentication (with/without listener) doesn't prompt

CSCtc81874

Traceback: CTM message handler - L2TP and crypto reset - stack overflow

CSCtc82010

vpnlb_thread traceback under low mem condition due to huge vpn acl

CSCtc82025

emweb/https traceback under low memory condition

CSCtc90093

WebVPN: Firefox users have issues searching with google

CSCtc93523

Traceback in Thread Name: SiteMinder SSO Request

CSCtc96018

ASA watchdog when inspecting malformed SIP traffic

CSCtc99553

Personal Bookmark using plugins won't use parameters other than the 1st

CSCtd00697

IMPORTANT TLS/SSL SECURITY UPDATE

CSCtd14917

Launching ASDM triggers ASA software traceback

CSCtd15605

assertion "t->stack[0] == STKINIT" failed: file "thread.c", line 743

CSCtd25685

New active member should send SNAP frames for MAC address table update

CSCtd28327

ASA not displaying pictures on the portal page

CSCtd28887

ASA: Webvpn CIFs does not refresh updated files

CSCtd29154

Traceback when CSR is generated

CSCtd30953

LDAP CRL Download Fails due to empty attribute pki-cro

CSCtd31831

ASA traceback in Thread Name: Checkheaps

CSCtd32984

SNAP frame with MAC address learned on management-only interface is sent

CSCtd34024

ASA not getting IPv6 ND sollicitation on subinterfaces

CSCtd34106

pim spt infinity can cause dp-cp queue overload and affect eigrp, pim, .

CSCtd36473

IPsec: Outbound context may be deleted prematurely

CSCtd43241

Traceback on secondary with SIP connection replication

CSCtd44433

ASA - 1550 block leaking due to email proxy

CSCtd50421

re-adding class in policy-map causes undesired behavior-see CSCte80609

CSCtd51042

ASA:  ip IPSec SA not brought up if similar icmp SA is up

CSCtd52211

ASA assert "new_flow->conn->conn_set == NULL" failed: file "snp_mcast.c"

CSCtd53356

ASA traceback when new DHCPD commands entered

CSCtd53390

TCP RSTs returned from inline IPS are dropped on multi-context ASA

CSCtd54025

Connection once entered into discard state and remains in discard state

CSCtd54252

traceback in checkheaps during backup of asa with smartcare appliance

CSCtd54583

ASA fails SSO authentication with Entrust GetAccess

CSCtd55032

ASA running 8.0.4.32 traceback in Thread Name: Dispatch Unit

CSCtd55346

Remove uninformative Peer Tbl remove messages

CSCtd60720

Error event causes Syslog 199011 "Close on bad channel in process/fiber"

CSCtd74691

VPN session not replicate to Standby after Failover State Link failure

CSCtd79084

checkheaps causes nested traceback

CSCtd86281

FTP download for files larger than 2GB doesn't work properly

CSCtd87194

ASA5580 drops outbound ESP pkt if original pkt needs to be fragmented

CSCte05514

CA ServiceDesk hidden frame not showing

CSCte08022

Active ASA tracebacks in Thread Name: Dispatch Unit

CSCte15462

Disable URL entry should only disable http/https

CSCte18319

ASA 8.0.5 snmp-server re-configuration can cause socket used messages

CSCte21953

ASA may allow authentication of an invalid username for NT auth

CSCte25741

ASA doesn't allow username length of <4 characters

CSCte38909

msgid in Language Localization are not synchronized

CSCte38942

SSL sockets stuck in CLOSE_WAIT status using webvpn

CSCte39708

Encoded error message issue in /+CSCOE+/logon.html

CSCte39982

Standby ASA tracebacks in Thread Name: vpnfol_thread_msg

CSCte42788

ASA anyconnect DTLS CONN is torn down when tftp error MSG  is rvd- CIPC

CSCte43903

ASA5580 traceback in thread DATAPATH-2-476, eip rt_timer_cancel_callback

CSCte46074

assertion "*cntp != 0" failed: file "mp-datastruct/mp_mutex_rw_lock.h"

CSCte46239

Cookie being set improperly due to webvpn misreading firefox flags

CSCte55199

WebVPN Smart Tunnel failing for ProPalms Application

CSCte57663

VPN user cannot ping to inside interface with management-access config

CSCte65315

WebVPN user-storage does not work if user logon as DOMAIN\Username

CSCte72846

OWA 2003 To, CC, BCC buttons in address book does not work with webvpn

CSCte92557

ASA HW client: deny rule for DHCP should account for remote subnets

CSCtf02322

ASA - Memory depleting 1% per day due to snmp-server ipsec configuration

CSCtf02712

Traceback in Dispatch Unit (Old pc 0x08180444 ebp 0xc793d980)

 

 

Revision:  Version 8.1.2(23) – 05/04/2009

File:  asa812-23-smp-k8.bin

Defects resolved since 8.1.2(12):

 

CSCei47856

VPN: Need to add NAT-T support for RFC3947

CSCsi83390

ENH - Need ability to clear all captures simultaneously

CSCsj47390

hic-fail-group-policy command needs to be removed

CSCsl04124

SIP does not support 'early RTCP'

CSCsl41515

ASA traceback in Dispatch Unit (Old pc 0x00223a67 ebp 0x018b12f8)

CSCsl95928

High CPU utilization due to OSPF

CSCsm11264

When long url triggers syslog 304001 ASA stops sending syslogs to ASDM

CSCsm39914

match resp body length for http class-map doesnt take correct value

CSCsm76224

ASA decrements TTL twice with AIP module in policy

CSCso42904

When routes change, connections should be updated automatically

CSCso80611

context using SSM app in promiscuous mode shows incorrect memory usage

CSCsq34317

Without authproxy currently configured, authproxy DACLs may become stale

CSCsq34336

ASA: rate-limiting for encrypted s2s traffic not consistently handled

CSCsq61081

Intf monitoring table for ASDM history stats shows the wrong timestamp

CSCsr66402

Tracebacks on standby unit (Thread Name: lu_rx)

CSCsr68450

WebVPN: Landing on application other than Home in portal

CSCsr96463

ASA denial of service on dhcp server

CSCsu11412

Watchdog traceback in CTM under high data load/small packets

CSCsu27257

"show asp table classify" doesn't show WCCP domain

CSCsu56483

Extend show ak47 to display per pool and per block information

CSCsu76346

SSL VPN: Clientless mangling issue with certain Websites

CSCsu77600

WEBVPN RDP plugin window keys are incorrect. Shift (key) .jar

CSCsv16326

'mac-address auto' causes interfaces to fail

CSCsv32093

NAT_PAT: ASA should give error for mismatched policy nat ACL

CSCsv40504

Telnet connection permitted to lowest security level interface

CSCsv44093

Mapped named interfaces with certain names might not be seen in contexts

CSCsv46919

ip audit attack config causes info signatures to be triggered

CSCsv52239

ASA may traceback with certain HTTP packets

CSCsv54421

Traceback occurs when using DH group 7

CSCsv65768

 Webvpn memory leak in ramfs-blocks

CSCsv66510

Smart Tunnel on Mac Leopard 10.5.x failing

CSCsv89645

ASA 8.04 - certificate chain not being sent when configured w/ IPSEC RA

CSCsv91391

L2TP with EAP auth stuck [%ASA-4-403102 - authentication pending]

CSCsv91564

Multiple certificates are installed to one trustpoint when importing.

CSCsw19588

Standby console freezes if user logs in prior to detecting mate

CSCsw25253

ssl vpn related memory corruption causes traceback

CSCsw37519

ENH Failover ability to switchover if FO LAN communication is severed

CSCsw41161

PMTUD - ICMP type 3 code 4 generated for GRE flow is dropped 313005

CSCsw47441

Java Applet Signing Error..plugins still use old expired certificate

CSCsw48687

Telnet and SSH bookmarks greyed out

CSCsw49953

custom dns group is ignored in WebVPN searches - error contacting host

CSCsw51809

sqlnet traffic causes traceback with inspection configured

CSCsw63453

"Error Contacting Host" when accessing CIFS shares with spaces

CSCsw70786

SACK is dropped when TCP inspection engines are used

CSCsw76595

PP: phone cannot register when configured as Authenticated on UCM

CSCsw77033

SSL VPN: Java-rewriter: memory leak implicating WebVPN

CSCsw81243

ASA webvpn auto-signon cmd help for FTP incorrectly show CIFS auth type

CSCsw83282

Watchdog failure in fover_FSM_thread

CSCsw88037

Traceback in IKE Daemon (Old pc 0x080f3c55 <ctm_wait_for_synchronous_com

CSCsw90161

Traceback on Standby after excuting "show vpn session remote"

CSCsw91072

Identity cert being imported without errors, if conflicting with CA cert

CSCsx03234

ASA automatically restarting after receiving OCSP response

CSCsx03294

1550 block leaks leading active ASA to reload

CSCsx03473

ASA traceback in Thread Name: netfs_thread_init

CSCsx07091

PIX/ASA LDAP authentication doesn't work over tunnel

CSCsx08270

PP: Explicit ACL deny will cause secure phones to fail registration

CSCsx15055

set nat-t-disable in crypto map does not override global nat-t config

CSCsx15589

"revocation check ocsp none" does not reject revoked certificates

CSCsx16147

Traceback in Thread Name: fover_parse

CSCsx19947

IGMP Join fails on subinterface after upgrade to 8.1(2)

CSCsx20038

Wrong counters in "show int" for Redundant interface

CSCsx22842

PPPoE re-negotiation does not start after short disconnect

CSCsx23611

VPN: TCP traffic allowed on any port with management-access enabled.

CSCsx25628

%PIX|ASA-3-713128  should be logged as a lower level message

CSCsx26947

ASA:  Password-Expiry fails for anyconnect when authorization is enabled

CSCsx27609

5580 traceback implicating snp_nat_find_portlist w/ stress test

CSCsx27851

Entering interface ? from cmd specific config mode returns to global cfg

CSCsx27861

Both ASAs are active when FO interfaces are directly connected

CSCsx29202

ASDM might show 'n/a - config out of sync' for top ACLs

CSCsx29872

SSL VPN: Script Errors When Accessing DWA 8.0.2

CSCsx30193

Failover slow to switchover when LAN interface connected with crossover

CSCsx31333

Spaces in DAP record name should be allowed

CSCsx34892

SNMP traps for certain contexts not generated

CSCsx35351

ASA 5505 ezvpn may leak memory due to startup errors

CSCsx35373

ASA may traceback with Thread Name: emweb/https

CSCsx40616

Citrix not working in 8.0.4.22

CSCsx41170

uauth inactivity timer not taking effect

CSCsx42122

ASA/CSD - certificate mapping does not work if CSD is enabled

CSCsx42142

static route: ASA should not accept static multicast routes

CSCsx43658

WebVPN CIFS: uploading files fails  sometimes to HomeServer

CSCsx44083

Traceback during large ACL Compilation - driver ioctl call

CSCsx50318

OCSP revocation stops working after some time on Cisco ASA

CSCsx50884

Adding shared interface to second context stops traffic to 1st context

CSCsx54449

ASA may processe LDAP password policy with no password-management

CSCsx54893

CSD: Unable to run smart-tunnel inside "browser only" vault

CSCsx57142

SIP Inspection Doesn't NAT Call-info field in SIP Notify message

CSCsx58682

ASA Local CA and caSe SenSiTiviTy - p12 file vs. username conflict

CSCsx59014

ASA allows VPN user although Zonelabs Integrity firewall rejects

CSCsx59403

Automatically added AAA command break ASA5505EasyVPN client after reboot

CSCsx59746

Tacacs Command Accounting does not send packet for 'nat-control'

CSCsx61755

aaa Page fault: Invalid permission when box is under moderate stress

CSCsx64804

CIFS URI cutoff after 15 characters

CSCsx65702

ASA traceback upon failover with interface monitor enabled

CSCsx65945

High memory usage in chunk_create

CSCsx68049

ASA - High CPU by function "branch_height" from CPU profile

CSCsx68765

VMWARE web applications (view/vdm) do not work with smart-tunnel

CSCsx70559

TCP Proxy drops the keepalives ACK sent on H225 conn, call gets dropped

CSCsx72410

Traceback in thread name Dispatch Unit

CSCsx73547

Stateful Conns Disappear From Standby During Failover

CSCsx77780

Adding shared interface to second context stops traffic to 1st context

CSCsx79918

Crypto CA limited to 65536 requests

CSCsx81472

ASA might automatically restart after issuing 'show vpdn'

CSCsx81722

ASA 8.0.4 traceback in Thread Name: IKE Daemon

CSCsx83353

WCCP Service Ports Missing in ASP Table when Adding Redirect ACL Entry

CSCsx94330

AC with CSD and DAP for Posture Assement matches wrong DAP Policy

CSCsx94849

Failover pair both become active after failover w/shortest timeout conf.

CSCsx95377

Adding host to http access results in Could not start Admin error

CSCsx95461

ifHighSpeed and ifSpeed values are zero for 10G operational interfaces

CSCsx95785

ifType values returns as other (1) for 10G interfaces

CSCsx97569

PIX/ASA traceback with Thread Name: CMGR Server Process

CSCsx99960

ASA5580-20 traceback in CP Processing

CSCsy04974

Syslog 113019 Disconnect reason not working

CSCsy05943

Adding pause frame sending capability for ASA 5580 10GE interface

CSCsy07794

Webvpn error recovery events caused by improper error handling

CSCsy08778

no pim on one subif disables eigrp on same physical of 4 ge module

CSCsy08905

process_create corrupt ListQ memory when MAX_THREAD is exceeded

CSCsy10473

ASA Improve RADIUS accounting disconnect codes for vpn client

CSCsy10830

Proper handling of robots.txt on Cisco ASA SSLVPN

CSCsy13488

DDNS: A RR update fails if cache entry exists in show dns-host

CSCsy14672

ASA might automatically restart in Thread Name: ppp_timer_thread

CSCsy20002

File upload causes hang without recovery

CSCsy21333

Traceback in Thread Name: aaa when using Anyconnect with certificate

CSCsy21513

PP: ASA should not reply to pings sent to MTA with outside interface IP

CSCsy21727

Failover pair is not able to sync config and stuck in Sync Config state

CSCsy22484

Cisco ASA may traceback after processing certain TCP packets

CSCsy23275

Smart Tunnels and POST parameters should be interoperable

CSCsy25908

ASA 8.2 Beta does not work with /31 subnet on failover interface config

CSCsy27395

qos: traceback in thread name: ssh, eip mqc_get_blt_def

CSCsy27547

Using phone-proxy got assertion "ip.ip_version == IP_VERSION_4"

CSCsy28792

ESMTP inspection drops DKIM signatured emails with content-type

CSCsy28853

inspect-mgcp: call-agent name and gateway name disappears after a reboot

CSCsy31955

Incorrect severity for ASA syslog message 106102

CSCsy47993

Names not supported in EIGRP summary-address command

CSCsy48250

"clear crypto ipsec sa entry" command doesnt work

CSCsy48626

Traceback due to illegal address access in Thread Name: DATAPATH-0-466

CSCsy48816

webvpn cifs unc url doesn't work

CSCsy49823

Interface fails to pass traffic because soft-np shows interface as down

CSCsy49841

ASA Traceback in Thread fover_FSM_thread with A/A FO testing

CSCsy50018

Lua recovery errors observed during boot in multiple-context mode

CSCsy50113

traceback in Dispatch Unit: Page fault: Address not mapped

CSCsy53263

Tacacs connection match accounting does not display port information

CSCsy53387

" crypto map does not hole match" message pops up during conditon debug

CSCsy56570

Redundant interface as failover link lose peer route after reload

CSCsy56739

Traceback on standby while processing write memory if context is removed

CSCsy60403

SSL rekey fails for AnyConnect when using client-cert authentication

CSCsy65734

ASA: traceback with thread name "email client"

CSCsy68961

ASA 5580 reboots with traceback in threat detection

CSCsy75800

Shared int  Mac add auto reload primary there will be some packet loss

CSCsy77628

the procedure of copying a file from ramfs to flash should be atomic

CSCsy80242

ASA: LDAP Password-expiry with Group-Lock locks users out

CSCsy81475

Traceback due to assert in Thread Name: DATAPATH-0-466

CSCsy82093

XSS via Host: header in WebVPN Request.

CSCsy83043

Redundant interface is down if any member is down at boot

CSCsy83106

Unable to add member interface to Redundant Interface

CSCsy85759

Remove "Server:" directive from SSL replies when CSD enabled

CSCsy86769

ASA5505 should not allow pkts to go thru prior to loading config

CSCsy86795

ASA - Log messages for all subinterfaces seen when adding just one vlan

CSCsy87867

ASA inspect pptp does not alter Call ID in inbound Set-Link-info packets

CSCsy88084

Smart Tunnel failing on MAC 10.5.6 with Firefox 2 and Safari

CSCsy90150

ASA doesn't properly handle large SubjectAltName field - UPN parse fails

CSCsy91142

Using name aliases for the interface will cause vpn lb to break

CSCsy96753

WebVPN Flash rewriter may not clean up all temporary files

CSCsy98446

Memory leaked when matching tunnel group based on URL

CSCsz02807

Logging standby can create logging loop with syslogs 418001 and 106016

CSCsz02849

Long delay before standby becomes active if unit holdtime misconfigured

CSCsz06329

Unexpect Syslog: No SPI to identify Phase 2 SA

CSCsz10924

Management port in promiscuous mode processes packets not destined to it

 

 

 

Revision:  Version 8.1.2(12) – 02/04/2009

File:  asa812-12-smp-k8.bin

Defects resolved since 8.1.2:

 

CSCeh26990 'asdm image' command added to config without user intervention
CSCsl41515 ASA traceback in Dispatch Unit (Old pc 0x00223a67 ebp 0x018b12f8)
CSCsm15079 ASA: 'vpn-idle-timeout none' behavior needs clarification
CSCsm24047 DNS query is sent out before cmd is completed when dns enabled
CSCsm36960 DAP: Error selecting any DAP records
CSCso66470 Failure of 4GE module stops failover from working
CSCsq19457 ERROR: entry for address/mask = 0.0.0.0/0.0.0.0 may break webvpn or ASDM
CSCsq43283 ASA traceback in thread webvpn_session_free
CSCsq48636 High CPU when nameif/security level changed for new interface
CSCsq56045 SSO with Radius challenge/response - OTP is reused for internal sites
CSCsq77997 SSL VPN: Rewriting errors when caching enabled
CSCsq84093 PIX/ASA: Accounting packet shows "unknown" as username
CSCsq87422 "show failover" on PIX does not show monitored interfaces after upgrade
CSCsq87533 DHCP Client not receiving DHCP ACK during addr renewal with DHCP relay
CSCsq91271 IKE FSM for AM responder gets into bad state + error loop
CSCsr00298 Keepalive period for asdm_logging is too long
CSCsr02395 copying config via tftp breaks through ipsec l2l tunnel
CSCsr09436 FTP buffer logging queue not cleared when logging is disabled
CSCsr11493 ASDM - read-only users receive "enter network password" popup
CSCsr39311 CM SIP Trunk call failures due to ASA closing connection by inspection
CSCsr40409 WebVPN: Group-URL feature fails when connection profile name has spaces
CSCsr53737 AnyConnect sessions dropped when Failover occurs with HostScan
CSCsr58672 CPU hog in nat module when acls are added
CSCsr65102 ASA 8.0.3.12 Traceback in Thread: aaa
CSCsr74265 ASA crypto HW error when trying to fragment small IP packet
CSCsr84465 Backup option in ASDM causes traceback on secondary unit with failover
CSCsu00218 ASA 8.0(4) WEBVPN: Web-Type ACL incorrectly denies traffic with DAP
CSCsu00947 Webvpn: RDP plugin: Ignore geometry if FullScreen parameter is present.
CSCsu03240 snmpgetnext not responding properly for cfwBufferStatValue OID
CSCsu05551 brief outage re-establishing failover link/state in active/active mode
CSCsu26592 ASA 7.2: FO replication not working for dACL with wildcard netmask
CSCsu37451 "Interface number is -1" and no incoming traffic for a vlan interface
CSCsu38259 ASP Classify Table for WCCP not Updated on Service Port Change from CE
CSCsu39077 Translation table webvpn.po has no entry password and verify password.
CSCsu44598 SQLNet inspection closes flow
CSCsu45313 Show capture generates traceback on ASA 5580 8.1
CSCsu47981 Failover of VPN connections not working with FIPS enabled
CSCsu58733 L2TP IPSec ASA send ESP packet with using old SA pair
CSCsu59140 Access-lists that use "interface" may not work if i/f changes
CSCsu62772 Compilation of large ACL causes traffic outage
CSCsu62782 VPN traffic gets dropped after rekey w/ multiple cry seq# for same peer
CSCsu63101 ASA pushes reversed mask and gw if dhcp-network-scope is in the GP
CSCsu65118 ASA: Traceback in Thread Name: ssh
CSCsu67417 Radius accounting request fails on ASA if we have many radius attributes
CSCsu68795 Redundant interface goes down after ASA resets
CSCsu69083 Incorrect Entry Installed in ASP Table for inbound TFTP by Phone Proxy
CSCsu69765 ASA nat command with VPN LB is lost after reload
CSCsu70543 ASA: LDAP doesn't do searchRequest for user if there is an "\" in cert
CSCsu71696 Traceback in netfs_thread_init: Page fault: Address not mapped
CSCsu72519 TD shuns UDP senders on standby ASA due to null-udp-session timeout
CSCsu73112 Traceback on standby ASA 5580 running 8.1.1.9
CSCsu73337 WebVPN: POST Plugin fails if no URL list defined
CSCsu75735 ASA 8.0.4 smart tunnel with auto-sign on sends wrong password to weburl.
CSCsu76101 Traceback in thread name Dispatch Unit
CSCsu77167 WebVPN: Group-URL fails with non default webvpn port
CSCsu77465 connection is not locked when releasing a child connection on standby
CSCsu77535 'error contacting host' accessing CIFS shares, occurs after 24 days
CSCsu79355 ASA: Isakmp SA not built out backup interface when route changes
CSCsu84438 WEBVPN CIFS: Must have at least dir list access when mounting subfolders
CSCsu85188 ASA 7.2.4.15 traceback at Thread Name: IKE Daemon
CSCsu88174 Traceback in failover synchronization
CSCsu88302 When global PAT pools exhausted FTP data connections might fail
CSCsu88534 Filtering applied to all dest. ports upon creation of a new intf
CSCsu90653 ASA: Disabling Isakmp User Auth Causes Webvpn Authentication to Fail
CSCsu92454 Standby 5580 Traceback in Thread Name: DATAPATH-7-563
CSCsu93506 Traceback in Thread Name: Dispatch Unit
CSCsu95114 ASA DHCP Relay Sourcing DHCP unicast msgs on udp 68 instead of udp 67
CSCsu97211 Traceback after configuring GTP inspection in second class
CSCsu97665 L2TP: Mac Group Name option is failing: SA Proposals Unacceptable
CSCsu97825 L2TP/IPSec with vpn-filters in group-policy misbehave
CSCsu99482 ASA differs from concentrator group and user dACL merge behavior
CSCsv01270 PIX memory stats through SNMP are incorrect
CSCsv02380 CSD's data.xml corrupted after upgrade
CSCsv03262 Unavailable tacacs doesn't trigger fallback to LOCAL authentication
CSCsv07104 clientless webvpn /smart tunnels usage triggers 256 byte block leak
CSCsv10354 ASA doesn't send client hostname to DHCP server for L2TP/IPSec clients
CSCsv10655 Traceback when Updating L2TP Username
CSCsv11062 Redistribute Command Does Not Check the Route-Map for Existence
CSCsv11650 mroute parsed incorrectly at startup when names used
CSCsv14927 Fragmented packets not passing through the shared interface on 5580
CSCsv15680 5580 traceback during Spirent stress test during 60s clientless ramp up
CSCsv16410 Incorrect routing for EIGRP with redundant interfaces
CSCsv19091 fragmented mcast forwarding broken when NAT is involved
CSCsv21224 ASA process invalid OSPF MD5 sequence numbers
CSCsv21501 Traceback caused by IKE functions
CSCsv24867 Stateful failover connections not deleted on standby ASA
CSCsv27829 ASA 5580 stops forwarding traffic while checking CRL
CSCsv28360 SSH/Telnet are not started on Standby Unit
CSCsv28869 HTTP server should send Last-Modified header field for .jnlp files
CSCsv32284 smart-tunnel command corrupting config when removed from DfltGrpPolicy
CSCsv34429 Unable to configure ntp server when static PAT for UDP/123 is configured
CSCsv39815 DAP: Bookmark URL list is not being concatenated
CSCsv42185 Suspected double free resulting in 5580 traceback
CSCsv42924 Traceback in ' Dispatch Unit' on ASA with AIP-SSM in Inline Mode
CSCsv42964 TD scanning-threat does not pick up the correct rate threshold in syslog
CSCsv43219 Traceback in Ike Daemon Thread
CSCsv43401 cifs browsing fails when accessing any folders under Japanese folder
CSCsv43552 Radius accounting request fails on ASA if we have many radius attributes
CSCsv44072 Traceback in Thread Name: IP Address Assign
CSCsv47296 sharepoint 2007:excel2003: upload file, edit, then opened does not open
CSCsv52800 Traceback in Dispatch Unit when phones re-register with different IP
CSCsv54122 ASA transparent mode: broadcast ARP reflected on same interface
CSCsv57765 Traceback in Thread Dispatch Unit with SIP and possible IPv6 address
CSCsv59046 Traceback in Unicorn Proxy Thread, abort: watchdog failure
CSCsv59883 ASA5510 Traceback when VPN timeout set to maximum
CSCsv63354 ASA 8.0.4.x - IPsec tunnel encaps get frozen after 500Mb of traffic
CSCsv65244 SSL VPN:Incorrect mangling of URLs starting with \\, like \\test-winc
CSCsv65768 Webvpn memory leak in ramfs-blocks
CSCsv65950 rri route disappearing after phase 2 rekey for dynamic l2l tunnel
CSCsv65986 Smart Tunnel Enhancement: inform users when Smart Tunnel starts
CSCsv73652 ASA 5580 traceback in Crypto CA (Page fault)
CSCsv73982 syslog 305005 issued despite valid nat/global config
CSCsv76871 ASA may reload with traceback in thread name: vpnlb_thread
CSCsv77900 ASA/PIX may reload with traceback in thread: Dispatch Unit (IPSEC CTCP)
CSCsv80536 ASA/PIX displays inconsistent value for 'Configuration last modified'
CSCsv81200 SQLNET transfer fails due to TCP proxy dropping unsupported TDS frames
CSCsv83232 Redundant ASA-507003 Syslog Printed for Denies by URL Filtering
CSCsv86408 Phone Proxy: packet re-ordering and delay causes popping sound in call
CSCsv87869 Assert due to access of stale data during cert authentication.
CSCsv89678 80-byte Block Exhaustion in EIGRP with Phone Proxy Configured
CSCsv89730 Trraceback when zonelabs-integrity server interface inside is configured
CSCsv91797 Nested Traceback: addressable memory check problem
CSCsv94394 Group-policy selected for the user is not passed to DAP properly
CSCsv95555 ASA may fail to send an ARP reply to zero-sourced request
CSCsv97790 Traceback: IKE Daemon (Old pc 0x0845712b <IkeDaemon+171>
CSCsv97892 Traceback with Thread Name: IKE Daemon
CSCsw14645 Unable to browse DFS share throught webvpn when DFS replication is used.
CSCsw14926 Traceback: Thread Name: IP Thread
CSCsw16801 first login attempt fails if TACACS+ server behind IPSEC tunnel
CSCsw18184 Ethertype ACL with multiple remarks causes traceback
CSCsw20027 JavaScript and Flash rewriter may leak memory
CSCsw24890 Wildcard in WebType ACL does not recognize special characters
CSCsw28388 ASA 8.04 - memory leak in DMA crypto free memory
CSCsw30301 Undefined message in AnyConnect page on WebVPN.
CSCsw31799 ASA traceback in thread Checkheaps
CSCsw32254 Traceback in 'ddns_dynamic_update_process' Thread
CSCsw33175 Route-map to redistribute OSPF into EIGRP does not take effect
CSCsw36505 ASA 5505 SVI goes down even though an active port exists in the vlan
CSCsw43719 AnyConnect standalone group-url:Password should be Passcode
CSCsw44081 Shut down Sub-Interface processes packets
CSCsw45716 RDP plugin not started with Java
CSCsw45739 rdp-plugin JAVA session does not have the "home" or "logout" buttons
CSCsw46571 ASA traceback in Thread Name: Unicorn Proxy Thread
CSCsw48684 Unable to start ssh or telnet through webvpn when webtype acl in place
CSCsw50940 ASA traceback with an Address Not Mapped reason
CSCsw51590 ASA/PIX may experience memory leak related to WebVPN (Chunkstat)
CSCsw51809 sqlnet traffic causes traceback with inspection configured
CSCsw61870 ASA not trying next DNS server when receiving rcode 2 (Server Failure)
CSCsw65973 AnyConnect prompt for user/pass after Smartcard cert authentication
CSCsw67427 ASA memory leak related to cert auth w/ webvpn
CSCsw69862 EZVPN with Autoconnect in NEM mode fails during rekey
CSCsw75418 pkts encrypt / pkts decrypt / pkts encaps / pkts decaps not shown
CSCsw75605 ASA 5580: U-turn not working for IPSec traffic
CSCsw75854 WebVPN: unmangled requests on ESS module of SAP
CSCsw80656 ASA drops SYN-ACK destined to L2L tunnel with no connection message
CSCsw85062 ASA5580 reloads after entering show crypto proto stat command
CSCsw91497 Multicontext Transparent firewall with ASR groups sets wrong Dest-MAC
CSCsx03746 "threat-detection statistics host" disappears
CSCsx04881 Webvpn bookmark redirects to webvpn logout page
CSCsx05766 Smart tunnel'ed bookmark does not load with Java 6 update 10 onwards
CSCsx07146 LDAP: watchdog reload while doing large AD Group list retrieval