Cisco
ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 8.4.2(8) – 08/31/2011
Files: asa842-8-k8.bin,
asa842-8-smp-k8.bin
Defects resolved since 8.4.2:
|
ASA Increase LDAP & DAP max instances per attribute > 999 |
|
|
|
ASA may leave connection in half-closed state |
|
|
|
DHCP ACK not sent by the firewall. |
|
|
|
Traceback in Thread Name: Checkheaps due to logging |
|
|
|
ASA not sending all logging messages via TCP logging |
|
|
|
Clientless WebVPN Memory Leak Causes Blank Page after Authentication |
|
|
|
Write Mem on active ASA 8.3 produces log 742004 on standby |
|
|
|
ASA WebVPN doesnt rewrite URL Encoded Data in Location Response Header |
|
|
|
Assert Failure caused Traceback in Thread Name: Dispatch Unit |
|
|
|
ASA 8.0.5.9 Standby with a traceback in Thread Name:Checkheaps |
|
|
|
Cannot switchover member with two 10G interfaces redundant interface |
|
|
|
ASA 8.2.2.x traceback in Thread Name: Dispatch Unit |
|
|
|
Connections stay open w/ 'sysopt connection timewait' & NetFlow |
|
|
|
ASA hitless upgrade from 8.2 to 8.3: upgraded unit reload upon conf sync |
|
|
|
traceback in AAA eip AAA_BindServer+118 during AC connection |
|
|
|
Change in Layered Object Group Does Not Update NAT Table |
|
|
|
NAT Xlate idle timer doesn't reset with Conn. |
|
|
|
ASA may log negative values for Per-client conn limit exceeded messg |
|
|
|
ASA traceback when layer-2 adjacent TCP syslog server is unavailable |
|
|
|
ASA MSN Inspection Watchdog Crash |
|
|
|
ASA 8.2 flow control might not work for redundant interfaces |
|
|
|
ASA: Traceback in fover_parse thread after making NAT changes |
|
|
|
the packet is discarded when the specific xlate is exist. |
|
|
|
ASA fails over under intensive single-flow traffic |
|
|
|
Traceback in fover_FSM_thread with IPv6 failover on SSM-4GE-INC |
|
|
|
egress ACL packet drops erroneously counted on ingress interface |
|
|
|
correct error msg be displayed instead of "ERROR: % Invalid Hostname" |
|
|
|
ASA5580 traceback in DATAPATH-7-1353 |
|
|
|
Dynamic Filter DNS Snooping Database size too small |
|
|
|
WebVPN: Dropdown menu doesn't work in customized SharePoint 2010 |
|
|
|
ASA 8.4.1 traceback in Thread UserFromCert |
|
|
|
Standby ASA sends out IPv6 RA when IPv6 address is configured. |
|
|
|
ASA: L2TP and NAT-T overhead not included in fragmentation calculation |
|
|
|
ASA SMR - multicast packets no longer forwarded upon interface failure |
|
|
|
multicast packets dropped in the first second after session creation |
|
|
|
CSCto40365 |
Crafted TACACS+ reply considered as
successful auth by ASA |
|
|
ASA fails to process the OCSP response resulting in the check failure |
|
|
|
FWSM: DCERPC inspection of packet with multiple segments fails |
|
|
|
can not access cifs folder with japanese character |
|
|
|
ASA running 8.4.1 does not detect external flash, needs a reload |
|
|
|
SAP Portal - Event Tracking Script fails to display correclty |
|
|
|
Traceback with phone-proxy Thread Name: Dispatch Unit |
|
|
|
FO cluster lic doesnt work if primary reboots while secondary is down |
|
|
|
ASA AC failure due to slow memory leak: "Lua runtime: not enough memory" |
|
|
|
ASA does not send Anyconnect profile when Radius pushes profile |
|
|
|
IPv6 traffic not updated after neighbor changes |
|
|
|
ASA Sequence of ACL changes when changing host IP of object network |
|
|
|
ASA sends invalid XML when tunnel-group name contains & |
|
|
|
ASA: Traceback in ci/console on Standby unit |
|
|
|
SunRPC inspection DUMP reply crash |
|
|
|
SunRPC
inspection credential length crash |
|
|
|
SunRPC
inspection arithmetic overflow in parse_transport_address |
|
|
|
SunRPC
inspection arithmetic overflow in portmap code |
|
|
|
ISAKMP dropped after boot if ASA doesn't have IP address while booting |
|
|
|
Threat-detecton stats showing incorrect output |
|
|
|
WebVPN : bytes lost in ftp uploading using IE via smart tunnel |
|
|
|
VPN-Filter Not Applied When AC Initiated Through Weblaunch |
|
|
|
ASA traceback when connecting with Android L2TP/IPsec client |
|
|
|
Java RDP plugin doesn't work with sslv3 on ASAs |
|
|
|
asa 8.4, failover , ospf routing can not update rightly. |
|
|
|
CSD scan happens for SSL VPN when connecting via group alias |
|
|
|
Unable to remove trustpoint - ERROR: The trustpoint appears to be in use |
|
|
|
ASA calculates ACL hash inorrectly |
|
|
|
ASA 8.4.1 : 1550 byte block depletion w/ alloc_pc 0x8553ab8 |
|
|
|
ASA rebooted unit always become active on failover setup |
|
|
|
Using non-ASCII chars in interf desc makes the ASA reload with no config |
|
|
|
OWA 2007 via WebVPN Sessions fail to get notifications of new emails |
|
|
|
Cannot point IPv6 route to a link-local that matches other intf |
|
|
|
CSCtq57697 |
ILS inspection traceback
on malformed ILS traffic |
|
|
Degraded Xlate Teardown Performance |
|
|
|
Webvpn/mus memory leak observed in 8.4.1.63 |
|
|
|
IKEv2 - ASA does not send intermediate certs for server cert |
|
|
|
IKEv2 DPD is sent at an interval not correlating to the specified value |
|
|
|
Interface "description" command allows for more than 200 characters. |
|
|
|
After the interface IP is changed, ASA does not allow UDP 500 to new IP |
|
|
|
ASA traceback due to dcerpc inspection. |
|
|
|
ASA wont take "ip audit info action alarm" under "crypto ca" subcommand |
|
|
|
ASA traceback in thread Dispatch Unit |
|
|
|
ASA 5505 logs "INVALID_NICNUM" messages to console |
|
|
|
Active SSH connection orphaned if 'clear config all' is run |
|
|
|
Failure to migrate named interfaces in ctx to 8.4 bridge group syntax |
|
|
|
L2L - IPSEC Backup- Peer list is not rotated/cycled with dual failure |
|
|
|
Webvpn portal contents disappear once bookmark user-storage is enabled |
|
|
|
lightview based Modal Elements do not work with webvpn |
|
|
|
To-the-box traffic fails from hosts over vpn after upgrade to 8.4.2 |
|
|
|
ASA: Certificate renewal from same CA breaks SSLVPN |
|
|
|
ASA threat detection does not show multicast sender IP in statistics |
|
|
|
ASA fails to send Radius attribute 8 framed IP address for IKEv2 |
|
|
|
Traceback in Dispatch Unit when replicating xlates to standby |
|
|
|
Java AJAX session does not work over SSLVPN |
|
|
|
ASA - panic traceback when issuing show route interface_name |
|
|
|
ASA 5580 traceback with DATAPATH-2-1024 thread |
|
|
|
ASA - Reload in Thread Name: PIM IPv4 |
|
|
|
Clientless webvpn remove forward slash in POST Request-URI |
|
|
|
ASA: asr-group in TFW A/A FO doesn't rewrite dst MAC for IP fragments |
|
|
|
conns are not fully replicated to standby if config has many ACLs |
|
|
|
5585 735XXX syslogs reporting wrong id |
|
|
|
5585 show environment power output unclear |
|
|
|
connections are not replicated to standby unit |
|
|
|
Enabling AC Essentials should logoff webvpn sess automatically |
|
|
|
backslash in username for ftp over webvpn changed to semi-colon |
|
|
|
Active ASA traceback Thread: DATAPATH-3-1290, rip spin_lock_get_actual |
|
|
|
ASA LDAP support for searching with value range retrieval |
|
|
|
ASA logs "INVALID_NICNUM" messages to console |
|
|
|
Java RDP plugin traceback when using empty user in URL to Win2008 server |
|
|
|
CS: undebug
all command doesn't disable debug crypto ca server |
||