Cisco
ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 8.4.1(11) – 05/20/2011
Files: asa841-11-k8.bin,
asa841-11-smp-k8.bin
Defects resolved since 8.4.1:
|
CS: undebug
all command doesn't disable debug crypto ca server |
|
|
Conns
should update when using dynamic protocol and floating statics |
|
|
Traceback
on ACL modify: assertion "status" at "stride_terminal_node.c" |
|
|
Clientless webvpn
on ASA cannot save .html attached file with IE6 OWA |
|
|
Linkdown,
Coldstart SNMP Traps not sent with certain snmp-server config |
|
|
ASA NAT: LU allocate xlate failed error |
|
|
Low performance over shared vlans in multi-mode |
|
|
Removing HTTP server caused page fault traceback |
|
|
dynamic-filter
database update triggers cpu-hog |
|
|
Mngt-access
(ASDM,SSH) to inside intf
of 5580 fails over RA VPN session |
|
|
ASA Traceback
in Thread Name: snmp / checkheaps |
|
|
WebVPN: "Invalid Canary"
error for different options in OWA 2010 |
|
|
WebVPN: Bad performance on Internet
Explorer 8 for OWA 2010 Premium |
|
|
ASA - VPN load balancing is disabled
after failover |
|
|
WebVPN CIFS: 'Authentication error',
when DFS host is not reachable |
|
|
WebVPN: Preview mode for emails works
improperly for DWA 8.5.1 |
|
|
ASA WebVPN doesnt
rewrite URL Encoded Data in Location Response Header |
|
|
ASA tracebacks
in Thread Name: Dispatch Unit |
|
|
PIM packet with own source address seen
after failover on standby peer |
|
|
AC reports 'certificate validation
failed' with VPN LB intermittently |
|
|
SNMP: ASA responds after two SNMP
requests |
|
|
BG: Same MAC-address not allowed in two
different bridge groups |
|
|
ASA fails to delete an existing object in
object-group |
|
|
Control-plane feature not working for
https traffic to-the-box |
|
|
The file name is garbled as downloading
through SSLVPN and CIFS. |
|
|
EIGRP metrics will not update properly
on ASA |
|
|
WebVPN: Empty emails content for OWA
2010 through Firefox |
|
|
ARP table not updated by failover when
interface is down on standby |
|
|
Traceback
with thread name netfs_thread_init |
|
|
ASA traceback
when using a file management on ASDM |
|
|
CPU Hog in "NIC status poll"
when failing over redundant intf members |
|
|
ASR trans FW rewrites wrong dst. MAC when FO peers active on same ASA |
|
|
Traceback
in mmp inspection when connecting using CUMA proxy
feature. |
|
|
ASA: SYN may change close-wait conn to SYN state |
|
|
Problems with Intranet Page displaying
when defined as Home Page w/ASA |
|
|
Page fault traceback
on standby in QOS metrics during idb_get_ifc_stats |
|
|
ASA - VPN outbound traffic stalling
intermittently after phase 2 rekey |
|
|
ASA webvpn;
certain ASP elements may fail to load/display properly |
|
|
Failed to update IPSec failover runtime
data on the standby unit |
|
|
ldap-password-management
fails if user password contained & (ampersand) |
|
|
IPSec/TCP fails due to corrupt SYN ACK
from ASA when SYN has TCP option |
|
|
WebVPN: ASA fails to save HTTP basic
authentication credential |
|
|
ASA: multiple rules in Name Contraints
certificate extension fails |
|
|
certificate
name contraints parsing fails when encoding is
IA5String |
|
|
Customers Application HQMS being broken
by Webvpn Rewriter |
|
|
WebVPN:flv file within the Flowplayer object is not played over webvpn |
|
|
ASA - no names applied to the config when refreshing the config
on ASDM |
|
|
Primary stays in Failed state while all
interfaces are up |
|
|
ASA as EasyVPN
Client failure on WAN IP Change when using 'mac-exempt' |
|
|
ASA traceback
in transparent mode due to tcp reset |
|
|
Standby unit sends ARP request with
Active MAC during config sync |
|
|
Webvpn:
Java-Trustpoint cmd
error, doesn't accept MS code-signing cert |
|
|
Group enumeration possible on ASA |
|
|
a
space inserted behind video port number after SIP inspect with PAT on |
|
|
Watchdog timeout traceback
following "show route" |
|
|
Webvpn,
SSO with Radius, CSCO_WEBVPN_PASSWORD rewritten with OTP, 8.3 |
|
|
OWA login page strip "\" from
"domain\username" |
|
|
HA replication code stuck -
"Unable to sync configuration from Active" |
|
|
timeout
command for LDAP in aaa-server section doesn't work |
|
|
Memory leak in occam
new arena |
|
|
ASA traceback
in Thread Name:radius_rcv_auth |
|
|
IKE Session :
Cumulative Tunnel count always shows Zero |
|
|
SSH processes stuck in ssh_init state |
|
|
Add support to NAT CLI for PAT-Pools
and round-robin algorithm |
|
|
Webvpn
memory pool may report negative values in "% of current" field. |
|
|
ASA locks up port with mus server command |
|
|
OpenSSL
Ciphersuite Downgrade and J-PAKE Issues |
|
|
WebVPN incorrectly rewrite logout link
of Epic app through Firefox |
|
|
MUS debugs are running with no mus configured |
|
|
IKE proposal for L2TP over IPSec global
IKE entry match is duplicated |
|
|
ASA rewriter: radcontrols
based AJAX/ASP website not working properly |
|
|
snmpwalk
for crasLocalAddress reports: No Such Instance
currently exists |
|
|
Error entering object group with
similar name as network object |
|
|
Failover interface monitoring only
works with the first ten interfaces. |
|
|
"clear conn" behaviour is
inconsistent with "show conn" |
|
|
Traceback
in Dispatch Unit due to dcerpc inspection |
|
|
ASA reload in thread name rtcli when removing a plugin |
|
|
SSL handshake - no certificate for uauth users after 8.2.3 upgrade |
|
|
ASA not posting correct link with Protegent Surveillance application |
|
|
UTC time not shown when clock set
through user configuration |
|
|
DAP ACL in L2TP doesn't get applied
after successful connection |
|
|
The javascript
is truncated when accessing via WebVPN portan on
ASA |
|
|
vpn-filter
removed incorrectly from ASP table with EzVPN hw
clients |
|
|
Cut-through Proxy - Inactive users
unable to log out |
|
|
ASA 8.3 with Static NAT - passes
traffic with translated IP in the acl |
|
|
Redundant switchover occurs
simultaneously on failover pair |
|
|
Default "username-from-certificate
CN OU" doesn't work after reload |
|
|
ASA TCP sending window 700B causing CSM
deployment over WAN slow |
|
|
ASA - Traceback
in thread DATAPATH-6-1330 |
|
|
Invalid internal Phone Proxy trustpoint names generated by imported CTL |
|
|
Traceback
in DATAPATH-2-1361, eip snp_fp_punt_block_free_cleanup |
|
|
ASA WEBVPN: POST plugin
- Can not find server
.plugins. or DNS error |
|
|
VPN ports not removed from PAT pool |
|
|
Lister channel gets lost on aborted new
connection |
|
|
IKE fails to initialize when minimal
data is sent to pub int. |
|
|
'show mem' reports erroneous usage in a virtual context |
|
|
Timeout needs twice time of configured
timeout for LDAP in aaa-server |
|
|
IPv6 ping fails when ping command
includes interface name. |
|
|
ASA SAP purchasing app may display
incorrectly over webvpn |
|
|
L2L IPv6 tunnel with failover not
supported Syslog Broken |
|
|
ESMTP Inspection Incorrectly Detects
End of Data |
|
|
ASA 8.2.4 402126: CRYPTO: The ASA
created Crypto Archive File |
|
|
ASA 5520 traceback
in thread emweb/https |
|
|
EIGRP default-route is not displayed w/
"ip default-route" route removed |
|
|
URLs in Hidden Input Fields not
Rewritten Across WebVPN |
|
|
ASASM: ASDM causes traceback
during context creation |
|
|
FTP transfer fails on Standby ASA -
uses wrong IP add. in PORT command |
|
|
ASA fails over under intensive
single-flow traffic |
|
|
One-to-many NAT with "any"
interface not working with PPTP and FTP |
|
|
ASA: police command with exceed-action
permit will not replicate to Stby |
|
|
Bookmark macro in post parameters is
not replaced with correct user/pass |
|
|
ASA 8.4.1 traceback
on thread name ldap_client_thread with kerberos |
|
|
ASA stops handling ikev2 sessions after
some time |
|
|
ASA(8.3)
adds a trailing space to the object name and the description |
|
|
egress
ACL packet drops erroneously counted on ingress interface |
|
|
VPN ports not removed from PAT pool
(UDP cases) |
|
|
BTF DNS-Snooping TTL maxes out at 24
hours, less than actual TTL |
|
|
Search query timeout/errors in SAP
purchasing portal via clientless |
|
|
ASA Traceback
in Thread Name: snmp |
|
|
Traceback:
Thread Name: DATAPATH-3-1276 |
|
|
"Clear conf all" reboots ASA
with EIGRP authentication key configuraiton |
|
|
ASA: override-account-disable does not
work without password-management |
|
|
AnyConnect DTLS Handshake failure
during rekey causes packet loss |
|
|
ASA: Memory leak in PKI CRL |
|
|
Traceback
while replicating xlates on standby |
|
|
WebVPN: Office WebApps
don't work for SharePoint 2010 in IE |
|
|
"ip local pool" incorrectly rejected due to
overlap with existing NAT |
|
|
Easy VPN authentication may consume AAA
resources over time |
|
|
DTLS handshake fails on ASA when client
retransmits ClientHello |
|
|
asa
traceback on 8.3.2.13 Thread Name: Dispatch Unit |
|
|
call-home
config auto repopulates after reboot |
|
|
ASA traceback
in 8.4.1 with memory failure errors on IKE daemon |
|
|
FTP transfers fail with NAT configured
on multi-core ASAs (5580/5585) |
|
|
ASA: Ldap
attributes not returned for disabled account |
|
|
ASA may traceback
when using trace feature in capture |
|
|
ASA 8.4.1 traceback
in Thread Name: ssh with Page fault |
|
|
DAP terminate msg
not showing for clientless, cert only authentication |
|
|
ASA uses a case-sensitive string
compare with IBM LDAP server |
|
|
ASA: 8.3 upgrade to 8.4, Shared VPN
Licensing config lost unable to conf |
|
|
ASA reset TCP socket when RTP/RTCP
arrives before SIP 200 OK using PAT |
|
|
HA: Failover LU xmit/rcv
statistics is different on Active and Standby |
|
|
OSPF Failover causes 5 second
convergence delay |
|
|
Traceback
in Thread Name: gtp ha bulk sync with failover config |
|
|
ASA Sequence of ACL changes when
changing host IP of object network |
|
|
ST not injected in mstsc.exe on 32-bit
Win 7 when started through TSWeb |
|
|
Unable to login to SAP application via
WebVPN portal |
|
|
External Portal Page Macro substitution fails |
|
|
VPN RA session DAP processing fails with memberOf from OpenLDAP |
|
|
Host listed in object group TD shun
exception gest shunned |