Open Caveats - Version 7.2(2)とResolved Caveats - Version 7.2(2)
リリースノートより、Open Caveats - Version 7.2(2)とResolved Caveats - Version 7.2(2)を抜粋。
| Open Caveats - Version 7.2(2) | ||
| Table 2 Open Caveats DDTS Number | Software Version 7.2(2) | |
| Corrected | Caveat | |
| CSCsd50888 | No | L2TP: connections fail intermittently -> error 678: There was no answer |
| CSCse88291 | No | ASA crashes with WEBVPN user login when memory is running low. |
| CSCse92565 | No | Traceback in Thread Name: tmatch compile thread after clear config all |
| CSCsf04123 | No | Packet drops through VPN due to No route to VPN_peer_ip_address |
| CSCsf05298 | No | Citrix not supported with CSC module |
| CSCsf13404 | No | PIX cosmetic high memory use in context show memory |
| CSCsf25418 | No | Traceback in Thread Name: tmatch compile after assert |
| CSCsf27202 | No | AAA Radius NAS-Port-Type not sent in authentication request |
| CSCsg03102 | No | Minor correction to vpn-addr-assign command reference documentation |
| CSCsg20953 | No | WebVPN sessions created in the Secure Desktop don't expire |
| CSCsg26668 | No | Undefined CSCO functions in JavaScript-generated HTML |
| CSCsg34853 | No | Traceback with Thread Name: Dispatch Unit |
| CSCsg38186 | No | Traceback in Thread Name: Dispatch Unit |
| CSCsg43591 | No | SCP connection to PIX fails |
| CSCsg46962 | No | WebVPN some functions do not work in javascript |
| CSCsg47023 | No | L2TP Connections with Certificates to ASA Fail to Connect |
| CSCsg47241 | No | Traceback when parsing LDAP config |
| CSCsg48442 | No | Ping through ASA fails when using interface PAT on PPPoE interface |
| CSCsg53120 | No | ASA WebVPN Time-out on Database Requests |
| CSCsg56876 | No | ASA may crash after applying http or IM deep inspection |
| CSCsg60095 | No | VPN traffic permitted by vpn-filter is denied |
| CSCsg61719 | No | SNMP: Coldstart Trap is not sent |
| CSCsg62488 | No | Traceback in Thread Name: Unicorn Proxy Thread |
| CSCsg62878 | No | ocsp signer crl checking with crl none is not falling back to none |
| CSCsg63145 | No | Traceback with Thread Name: PIX Garbage Collector |
| CSCsg64427 | No | Compression: Can't turn off http-comp |
| CSCsg64450 | No | FO: http auth message should be supressed on standby console |
| CSCsg64948 | No | 1550 blocks exhausted during radius authentication stress test |
| CSCsg65434 | No | Multiple ipsec peers : PIX/ASA stops processing the IPSEC peers list |
| CSCsg66126 | No | Large H.323 Registrations Fail through PIX |
| CSCsg67443 | No | ASA Fails Recursive Route Lookup |
| CSCsg67961 | No | L2TP: IKE rekeying prior to IPSec rekey terminates MAC L2TP |
| CSCsg68141 | No | Show run router causes traceback in thread name: ci/console |
| CSCsg69275 | No | 1017-88 byte blocks leaked: _tmatch_summary_func+2877 after vpn sys test |
| CSCsg69281 | No | 3000 - 576 byte blocks leaked: _kernel_delete_sa+39 after vpn sys stress |
| CSCsg69408 | No | Need warning when using time based ACLs with policy NAT/PAT |
| CSCsg69448 | No | Need to update 7.x conf guides, time based ACLs not supported w/nat-pat |
| CSCsg69469 | No | Incorrect user privileges when logging in with ASDM 5.2.1.54 |
| CSCsg69998 | No | tcp intercept not working when the inside host is running windows OS. |
| CSCsg70012 | No | no sysopt noproxyarp c1in failed to remove noproxyarp for interface c1in |
| CSCsg70698 | No | Session timer is not reset during WebVPN ActiveX and Java tunneling |
| CSCsg71369 | No | P1 SA stuck in AM_FREE on secondary for ipsec sessions using net ext mod |
| CSCsg71416 | No | encrypt rules added in wrong order - NEM misconfig causes data issues |
| CSCsg71534 | No | 40 P1 sa's got stuck in MM_Wait_Delete on secondary w/vpn system test |
| CSCsg71579 | No | Programming assertion malloc.c:3822 on secondary after failover from pri |
| CSCsg73076 | No | L2TP/IPSEC to ASA with certificates fails over low speed ISDN |
| CSCsg73376 | No | Traceback in Thread Name: ci/console with large config tftp download |
| CSCsg75094 | No | LDAP: ASA caanot authenticate to Active Directory using MD5 |
| CSCsg75996 | No | Radius authentication with downloadable acls causes crash |
| CSCsg76777 | No | 7.2 transparent / change of behavior : ASA does not retain the src mac |
| CSCsg77097 | No | WebVPN OWA 2003 email.cisco.com inbox fails to load intermittent |
| CSCsg77099 | No | WebVPN Java archives with uncompressed entries fail through rewriter |
| CSCsg77390 | No | AAA: port-to-port static for port 80 and aaa http listener on same ifc |
| CSCsg77841 | No | Cfg Guide: remove flash size match from failover hw criteria |
| CSCsg78524 | No | With WebVPN login we type it once incorrectly and the ASA tries 3 times |
| Resolved Caveats - Version 7.2(2) | ||
| Table 3 Resolved Caveats DDTS Number | Software Version 7.2(2) | |
| Corrected | Caveat | |
| CSCei33965 | Yes | MPC embryonic timoeout value overwrite global conn timeout |
| CSCek62768 | Yes | crash in Unicorn Proxy Thread with large WebVPN session count in build30 |
| CSCsb54431 | Yes | clear in unpriviledged mode should be removed if not applicable. |
| CSCsb63230 | Yes | Need a command to perform SSM password recovery from the ASA CLI |
| CSCsc01694 | Yes | CRC errors on SSM-4GE Electrical ports on initial bringup |
| CSCsc37965 | Yes | IP-directed broadcasts no longer allowed through device. |
| CSCsc89262 | Yes | Syslog 722007 (WEBVPN_SVC_MSG_EMERG) severity needs to be changed |
| CSCsd13314 | Yes | show service policy flow' command shows incorrect flow match |
| CSCsd40989 | Yes | L2TP: Populate client type/version within session database |
| CSCsd45605 | Yes | 2 routes to same n/w w same metric different ifx should not be allowed |
| CSCsd52578 | Yes | Traceback in thread: snp_timer_thread |
| CSCsd54495 | Yes | Traceback eip _strdup(0xebacac)+0x78 with large customer configuration |
| CSCsd57264 | Yes | MPF: type syntax in help policy-map is missing a ] |
| CSCsd58688 | Yes | SVC connections are not exempt from aaa authentication rules like IPSec |
| CSCsd59295 | Yes | WCCP static bypass not working with vlan interfaces |
| CSCsd59936 | Yes | Registering to the RP for PIM fails if fragmented in more then 12 packs |
| CSCsd60448 | Yes | Proxy-bypass with automatic choice of target server |
| CSCsd64749 | Yes | Failover: automatic removal of SSL trustpoint not replicated to stdby |
| CSCsd67093 | Yes | PPPoE:Vpdn group for PPPoE shouldn't be configurable in Transparent mode |
| CSCsd67160 | Yes | PPPoE:ip address pppoe cmd shouldn't be configurable in multi mode |
| CSCsd70581 | Yes | Crash output to console has incomplete configuration |
| CSCsd71387 | Yes | EzVPN: Tback IKE Daemon (Old pc 0x00507425 ebp 0x0333c6d8) |
| CSCsd74328 | Yes | Traceback when changing sec level on an ifc and failover cfg with NAT |
| CSCsd74551 | Yes | Add NP drop reason documentation for WCCP drops |
| CSCsd81262 | Yes | CA cert with spaces could fail to install |
| CSCsd81294 | Yes | crypto ca import' of SSL cert may traceback in Thread Name: accept/http |
| CSCsd82307 | Yes | FO: CLI position can get out of sync causing cmd replication failures |
| CSCsd82575 | Yes | unexpected IGMP joins sent when configuring multicast routing |
| CSCsd84011 | Yes | REGEX: ^ (match from beginning of text) does not work in some cases |
| CSCsd88471 | Yes | VPNLB SVC uses virtual cluster certificate after redirecting to a master |
| CSCsd91587 | Yes | functioning email proxy session generates syslog message error |
| CSCsd93380 | Yes | Packets for VPN-l2l peer get dropped instead of encrypted |
| CSCsd94372 | Yes | dhcp proxy: no RELEASE sent after failover and disconnect of vpn client |
| CSCse00996 | Yes | tcp normalizer drop to-the-box traffic not conforming to RFC793 (MSS) |
| CSCse01293 | Yes | Traceback in Thread Name: arp_forward_thread |
| CSCse02354 | Yes | Traceback in Thread Name: Dispatch Unit |
| CSCse03176 | Yes | Problem of group-name used in 'sasl-mechanism kerberos group-name' |
| CSCse05819 | Yes | PIX: 33MHz GIG cards show speed/duplex unknown if nonegotiate configured |
| CSCse07242 | Yes | Traceback in pix_flash_config_thread |
| CSCse08726 | Yes | LDAP group-based policy Enforcement shouldn't require Cisco schema |
| CSCse08746 | Yes | ASA send Radius attribute 31 source IP address as 0.0.0.0 |
| CSCse09458 | Yes | RadiusSDI feature of VPN Client fails with blank XAUTH text |
| CSCse09503 | Yes | Syslog 304001 not generated when strict-http action allow log configured |
| CSCse10096 | Yes | i2c_write_byte_w_suspend() error after rebooting ASA5505 |
| CSCse10714 | Yes | Shun behavior change in 7.x |
| CSCse12021 | Yes | Error msg change when attempt auth-srvr-group None in ipsec tunn-grp |
| CSCse13544 | Yes | Increase in memory usage after enabling-disabling webvpn |
| CSCse14296 | Yes | Trustpoint not found if ASA not enrolled with the trustpoint |
| CSCse15854 | Yes | clear config webvpn only partially clean-up proxy-bypass... |
| CSCse15977 | Yes | Traceback when two admin sessions are working on the same capture |
| CSCse17176 | Yes | SUA policy is unspecified -WEB login requires user to authenticate twice |
| CSCse17638 | Yes | IM: Misc CLI issues |
| CSCse17660 | Yes | Incorrect LDAP debug error when incorrect RDN configured |
| CSCse18005 | Yes | PIX/ASA originate-only VPN fails to create dynamic ACL |
| CSCse19020 | Yes | PPTP Pass-through not working due to inspection |
| CSCse20501 | Yes | Passive FTP to Multinet server fails |
| CSCse20538 | Yes | IKE Syslogs 713041 713042 should specify interface name |
| CSCse21451 | Yes | Memory leak in VPN fover module during failover config syncing |
| CSCse22330 | Yes | Traceback in Thread Name: Dispatch Unit |
| CSCse22332 | Yes | Failed to deploy config when first line in config contain ! character |
| CSCse22659 | Yes | CIFS server names limited to 15 characters |
| CSCse22668 | Yes | CIFS should use DNS lookups for long server names |
| CSCse23164 | Yes | traceback in thread Name: qos_metric_daemon |
| CSCse23165 | Yes | Message sent to client when aaa authorization fails has changed |
| CSCse23554 | Yes | Memory leak within event_smtpmgr:es_SmtpSndMSG function |
| CSCse23751 | Yes | Nested tracebacks may not stop without manual device reload |
| CSCse24432 | Yes | DHCPRelay: Some clients may not get NACKs |
| CSCse24537 | Yes | RIP: [no] access-list defined in distribute-list should display err msg |
| CSCse24921 | Yes | debug icmp does not show request packet being sent |
| CSCse25515 | Yes | FO: dhcpd warnings seen on standby during replication of config |
| CSCse26317 | Yes | inspect radius-acct: show user with IP cuasing err msg w/ multiple pmaps |
| CSCse26469 | Yes | Cannot store more than one vpdn username/password pairs locally |
| CSCse27184 | Yes | basic attribute is not checked in all mode config attributes, may reload |
| CSCse27249 | Yes | FO: interface monitoring not working on most recent created interface |
| CSCse27787 | Yes | AIC SIP: SIP messages might fail state-check knob when record-route on |
| CSCse28430 | Yes | MS AD-LDAP: set default RDN-Naming Attribute to be sAMAccountName |
| CSCse28540 | Yes | LDAP admin bind: support secure SASL-MD5 and SASL-Kerberos methods |
| CSCse29700 | Yes | WebVPN and SVC Sessions being disconnected due to Idle Timeouts 40+Days. |
| CSCse29840 | Yes | AdmissionConfirm received without an AdmissionRequest, ACF dropped |
| CSCse30049 | Yes | SSH conns to the box not removed after a Failover |
| CSCse30061 | Yes | VPN decompress error when decrypting packet with IP compression |
| CSCse30102 | Yes | VPN dynamic ACL can be deleted from the CLI |
| CSCse30616 | Yes | ASA VPN load balancing cannot ping cluster ip address |
| CSCse32309 | Yes | Timeout of secondary flow causes traceback in Thread Name: Checkheaps |
| CSCse33143 | Yes | Dynamic ACL created under with command access-list <name> d ... |
| CSCse33211 | Yes | aaa http authentication doesnt work when interface IP is named |
| CSCse33736 | Yes | DoD Certs:Subject Alternative Name support for VPN Author for IPSec RA |
| CSCse33851 | Yes | H.225 releasecomplete message was dropped by the firewall |
| CSCse33986 | Yes | Small memory leak when tunnel denied due to unavailable Integrity Server |
| CSCse34179 | Yes | MFW-R: traceback in 'clear cfg all' during a performance test. |
| CSCse34477 | Yes | ESMTP: mail-relay param w/o any action accepted, junk chars in sho run |
| CSCse34508 | Yes | ESMTP: help mail-relay display needs changes |
| CSCse34540 | Yes | telnet and http(asdm) conns are not removed after failover |
| CSCse35370 | Yes | AIC SIP: should not allow overwrite inspect sip <pmap> @ default class |
| CSCse35566 | Yes | Traceback with 'Thread Name: Dispatch Unit' on clear xlate |
| CSCse35610 | Yes | traceback in ci/console after editing group-p CLI sitting at more prompt |
| CSCse35636 | Yes | RTP Conformance print SSRC re-initializing message for bad SSRC Packet |
| CSCse36112 | Yes | PIX/ASA never processes huge access-list if it runs short of memory |
| CSCse36519 | Yes | IM: MSN code improvement to reduce the risk of false positives |
| CSCse36691 | Yes | Traceback on 'cl conf all' with delay-free-poisoner enabled |
| CSCse37315 | Yes | AIC DNS - Traceback after removing certain MPF actions with DNS traffic |
| CSCse37733 | Yes | ASA Crash with nat ID as 0 |
| CSCse37787 | Yes | Traceback after becoming Active with VPN connections |
| CSCse38062 | Yes | ICA Client users cannot connect to Citrix through WebVPN |
| CSCse38087 | Yes | Kerberos authentication fails after during stress test in multiple-mode |
| CSCse38659 | Yes | unexpected IGMP rejoins when joins previously cfg'd and mcast re-enabled |
| CSCse39344 | Yes | AD UserAccountControl attrib not enforced if using LDAP Authorization |
| CSCse40332 | Yes | ASA multiple mode rollback of config failed for admin and other VC |
| CSCse40671 | Yes | RTSP w/PAT, PIX set client_ports to NULL |
| CSCse40704 | Yes | Lock IMB boot code |
| CSCse41071 | Yes | ldap-login-password not hidden in config |
| CSCse41663 | Yes | WebVPN using SDI Auth - New PIN mode does not work - IPSec OK |
| CSCse42014 | Yes | Java applets archive mangling fails when the codebase is a full url |
| CSCse42332 | Yes | ASA5505: PORT up/down stat is not reflected in show stat + more |
| CSCse42413 | Yes | Traceback after WebVPN authentication with FreeRadius |
| CSCse43078 | Yes | WebVPN: links at www.microsoft.com <outbind://111/www.microsoft.com> fail to work |
| CSCse43152 | Yes | WebVPN/SVC Radius Passwd-Mngt fails when using domain\username format |
| CSCse43611 | Yes | Flash: Wr mem running-config to flash has some issues |
| CSCse43807 | Yes | webvpn url entry with embedded user:Passwd fails with URl is invalid |
| CSCse44138 | Yes | WebVPN Citrix ICA connection losing connectivity due to client_tx_q_full |
| CSCse44258 | Yes | Modifying vpn-filter acl blocks normal traffic from inside to outside |
| CSCse45308 | Yes | Static nailed rule does not match conn destined for that address |
| CSCse45327 | Yes | VPN stateful failover gets out of sync |
| CSCse45694 | Yes | Standby: Traceback in Thread Name: IKE Daemon with dACL |
| CSCse45948 | Yes | write memory all did not report failure for failing to save config |
| CSCse45971 | Yes | Calling-Station-ID passed to radius as 0.0.0.0 for webvpn with pw mgmt |
| CSCse46220 | Yes | ASA: Poor Performance and Out-of-Order packets with SSM module enabled |
| CSCse46292 | Yes | Traceback in Thread Name: snmp |
| CSCse46874 | Yes | Enhancement: per-interface authorization for IPSec connections |
| CSCse47150 | Yes | Traceback in Thread Name: Dispatch Unit with ESMTP Inspect enabled |
| CSCse47328 | Yes | Fix RM flow drop reason #defines |
| CSCse47400 | Yes | WebVPN: Unable to Authenticate using DoD Certificate |
| CSCse48146 | Yes | AIC SIP: fails to match request method <unknown> in inspect SIP pmap |
| CSCse48193 | Yes | ASA vulnerable to cross-site scripting when using WebVPN |
| CSCse49450 | Yes | AAA - dACL and Cisco-AV-Pair ACLs are only applied to the 1st SVC user |
| CSCse49851 | Yes | 7.2 5510 security plus license should support only 2 contexts by default |
| CSCse50716 | Yes | URL Filtering: Traceback with Thread Name: Dispatch Unit |
| CSCse50772 | Yes | L2TP/IPSec: MS-Clients unable to connect when ASA is behind a NAT device |
| CSCse50782 | Yes | DNS-based LDAP Authentication/Authorization fails |
| CSCse50804 | Yes | OSPF stuck in EXCHANGE in certain assymetric routing scenarios |
| CSCse52050 | Yes | Very large ACL applied to NAT or Crypto may traceback in Checkheaps |
| CSCse53294 | Yes | Configuration begin syslog 111007 shows wrong local ip address with ssh |
| CSCse53987 | Yes | vPif_getVpif: bad vPifNum' errors with cut-through proxy enabled |
| CSCse54543 | Yes | ASA cosmetic high memory use in context show memory |
| CSCse54582 | Yes | AAA: Traceback in Thread Name: Dispatch Unit with Radius auth |
| CSCse54749 | Yes | 210007 LU allocate xlate failed syslog generated by overlapping nat cfg |
| CSCse55066 | Yes | VPN: orignate-only VPN fails after failover |
| CSCse55931 | Yes | 1550 byte block depletion prohibits websense communication |
| CSCse57386 | Yes | 5505: EZVPN Remote: DPD timeout is 5 minutes,should be 90 sec |
| CSCse57889 | Yes | Execute certain fover cmds trigger interface testing |
| CSCse58602 | Yes | SVC fails to establish if Cisco-AV-Pair contain both ip and webvpn ACEs |
| CSCse59113 | Yes | 5510 base license should not limit 4ge card |
| CSCse59498 | Yes | WebVPN: Citrix traffic may cause Traceback in Thread Name: Dispatch Unit |
| CSCse59955 | Yes | Rommon in ASA5505 main card would reset ASA-SSC-10 card. |
| CSCse61225 | Yes | Support daylight savings changes in Energy Policy Act of 2005 |
| CSCse61315 | Yes | SSMIO-4GE SFP interfaces G1/1 - G1/3 don't operate |
| CSCse61696 | Yes | HTTP server enable doesn't take Port number change in Multiple-router mo |
| CSCse62603 | Yes | alias command does not work |
| CSCse62914 | Yes | Standby device Traceback in Thread Name: tcp_thread |
| CSCse63079 | Yes | cpu hog in ssh_init process when connecting via SSH |
| CSCse63596 | Yes | inspect RSH fails when 1st segment contains more than just port |
| CSCse65000 | Yes | WebVPN: Cisco Call Manager is failing thru rewriter |
| CSCse66007 | Yes | AAA commands not working for serial console in multi context mode |
| CSCse66133 | Yes | Traceback in Thread Name: ssh when ACLs are displayed in SSH or ASDM |
| CSCse66235 | Yes | Memory exhausts with logging flash-bufferwrap and high syslog level |
| CSCse66442 | Yes | cut-thru proxy: 'Authentication not required' returned on browse to pix |
| CSCse66490 | Yes | Traceback with 'Thread Name: accept/http' after editing time-based ACLs |
| CSCse67584 | Yes | ldap attr map CLI renders console/session unusable in multi mode |
| CSCse67916 | Yes | Potential memory leakages in webvpn_ica_socks.c with ASA internal errors |
| CSCse68781 | Yes | Traceback in Thread Name: emweb/https when starting to load WebVPN |
| CSCse70163 | Yes | 5505/SSC I2C lock up in Rommon. |
| CSCse70181 | Yes | WebVPN: Traceback when using 'debug webvpn citrix 10' |
| CSCse70993 | Yes | Traceback when applying large ACL to NAT or Crypto Map |
| CSCse71146 | Yes | IPSec RA clients with large dACL may cause Traceback in Thread Name:aaa |
| CSCse73812 | Yes | Traceback in Thread Name: Dispatch Unit when L2L VPN Initiator |
| CSCse74097 | Yes | Mac-exempt: mac spoofing does not generate the expected syslog |
| CSCse74391 | Yes | WebVPN not using custom text color for some dialogs |
| CSCse74778 | Yes | Traceback in Thread Name: IP Thread with PPPoE enabled |
| CSCse74838 | Yes | WebVPN: DSF Referral messages missing on distributed Servers over WebVPN |
| CSCse75485 | Yes | Traceback in Thread Name: fover_parse during config sync |
| CSCse75523 | Yes | Received ARP request collision when issuing write standby |
| CSCse76085 | Yes | WebVPN: OWA: file download with size>100KB stops |
| CSCse76095 | Yes | Traceback in Thread Name: Checkheaps when starting WebVPN |
| CSCse76115 | Yes | Cascade delimiter not inserted with correct priority for dynamic crypto. |
| CSCse76150 | Yes | No TACACS+ authorization request sent for show run command |
| CSCse76171 | Yes | ASA reverse bytes order of DHCP scope when using SVC |
| CSCse76480 | Yes | 4 byte block allocation lacks the padding |
| CSCse77122 | Yes | FTP-data connection not replicated back to primary after failover |
| CSCse77261 | Yes | Traceback in Thread Name: MFIB with pim mcast routing |
| CSCse77680 | Yes | P2 in progress test broken - could cause unexpected rekey. |
| CSCse77855 | Yes | buffer leak upon IPSEC spoofing. |
| CSCse77943 | Yes | Failover: Primary takes over as Active after reload |
| CSCse78065 | Yes | # sign in config not replicated to Standby unit |
| CSCse78228 | Yes | 7.2.1 Crash in snp_tcp_ha_flow_belongs_to_active_context |
| CSCse78299 | Yes | Primary/Secondary units become Active state when failover link failed |
| CSCse78755 | Yes | Traceback in Thread Name: Dispatch Unit when starting DPD timer for SVC |
| CSCse78779 | Yes | Standby become active after fo link failed with fover hold time > 15 sec |
| CSCse79422 | Yes | RA VPN Phase 2 fails when local pool with classless mask is used |
| CSCse80001 | Yes | Traceback in IKE daemon while trying to post event (syslog) |
| CSCse80897 | Yes | AAA: User-Password and EAP-Proxy should not be in same RADIUS request |
| CSCse81073 | Yes | WebVPN: Traceback with Thread Name: emweb/https |
| CSCse81232 | Yes | Failover pair loses failover state configuration after upgrade to 7.2.1 |
| CSCse81273 | Yes | Traceback 'Thread Name: Dispatch Unit' with PPPOE and SSM-CSC |
| CSCse81330 | Yes | Strict HTTP inspection ignores '304 Not Modified' -syslog message 415014 |
| CSCse81633 | Yes | ASA 4GE-SSM Gig ports silently drop IGMP joins |
| CSCse81656 | Yes | LDAP CLI is not displaying quotes when parameters contain spaces |
| CSCse82262 | Yes | No specific error message while uploading a file via HTTPS |
| CSCse82743 | Yes | Java applet fails to load through WebVPN |
| CSCse83515 | Yes | ASA-5550 reports incorrect amount of RAM in show version output |
| CSCse83905 | Yes | dhcprelay stops working if FW interface ip address is modified |
| CSCse85490 | Yes | SSC Rommon resets 5505 switch ports. |
| CSCse86877 | Yes | WebVPN: DNS resolving Port Forwarding hostname entries when it shouldn't |
| CSCse86968 | Yes | Standby unit sends accounting records for replicated DACL commands |
| CSCse88572 | Yes | SIP: Does not parse the compact form of Call-ID |
| CSCse88632 | Yes | WebVPN: Kronos Applet doesn't launch |
| CSCse88873 | Yes | IPV6: TCP SYN-ACK with layer 2 padding dropped |
| CSCse89013 | Yes | debug radius decode does not show all attributes in Radius requests |
| CSCse89471 | Yes | WebVPN: RDP client VBScript function not recognized correctly |
| CSCse90732 | Yes | copy command prevents copying old asdm to tftp |
| CSCse90796 | Yes | ASA with PPPOE crashes in IP Thread |
| CSCse90864 | Yes | 3DES license is not accepted in 7.2 |
| CSCse90886 | Yes | MacOS VPN Client does not pass traffic with client-update feature on Asa |
| CSCse91039 | Yes | WebVPN: SSL Cert Request from ASA should include all trusted issuer DN's |
| CSCse91930 | Yes | Traceback when using packet tracer with multiple ACL rules |
| CSCse92016 | Yes | WebVPN: Refresh URL in http header not mangled - port CSCse00556 to asa |
| CSCse94012 | Yes | VPN: wrong event generated when concurrent IKE negotiation max exceeded |
| CSCse94158 | Yes | FIPS: Add CRNG callback for new RNGs added since 7.0.4 |
| CSCse94162 | Yes | FIPS: Porting damage in content-mangling code |
| CSCse94241 | Yes | Traceback: Thread Name:vpnlb_thread when taking over as failover active |
| CSCse95357 | Yes | WebVPN: reply/forward action of OWA2000 does not attach message |
| CSCse95408 | Yes | Go button shows in pages opened from homepage with url entry disabled |
| CSCse95437 | Yes | Capture: Circular buffer stops capture when buffer full |
| CSCse96289 | Yes | VPN: Traceback with Thread Name: Dispatch Unit |
| CSCse96559 | Yes | vpn-filter does not work when used with IOS ESVPN client |
| CSCse98397 | Yes | EAP state engine triggers retransmission and corrupts EAP session |
| CSCse98516 | Yes | Webpvn: special character '?' cannot be configure in url-list |
| CSCse98719 | Yes | Connection fails with the CA cert of 4096 bits fails with Error #72eh |
| CSCse98959 | Yes | Static Analysis: Add options to make sa for changelist |
| CSCse99033 | Yes | tracked route removed from Standby firewall after failover |
| CSCse99107 | Yes | webvpn/ssl - flow control issues transferring large OWA attachments |
| CSCse99257 | Yes | WebVPN: ActiveX port-forwarder problem |
| CSCse99783 | Yes | DHCP Relay fails when static specified |
| CSCsf00368 | Yes | Crashinfo file may incorrectly show 0% free memory |
| CSCsf01451 | Yes | Inspect IM breaks websense |
| CSCsf02102 | Yes | SIP, show conn after phone registration has wrong information displayed |
| CSCsf02349 | Yes | Traceback in ThreadName: ci/console when add certificate in wrong format |
| CSCsf04271 | Yes | WebVPN connections fail after reload with self signed certs |
| CSCsf05931 | Yes | AAA: group-lock does not handle tunnel-group names with spaces |
| CSCsf07036 | Yes | ASA hangs during initialization after 4GE card is shutdown |
| CSCsf08950 | Yes | AAA: Memory leak with ACL in cut-through-proxy |
| CSCsf09795 | Yes | Using SecureID to auth users may cause high CPU |
| CSCsf10185 | Yes | ASA should allow 255.255.255.255 mask on PPPoE interface |
| CSCsf10248 | Yes | Unable to pass traffic from one context to other through shared int |
| CSCsf10663 | Yes | High CPU / System locks up when adding a network object entry |
| CSCsf10973 | Yes | SSM-4GE I/O card hangs after backplane GPIO power off |
| CSCsf11095 | Yes | show conn display problems for secondary conns with static network |
| CSCsf11672 | Yes | SMTP Inspection with multiple line response fails |
| CSCsf12352 | Yes | Remove unwanted console messages related 4GE SSM |
| CSCsf12436 | Yes | show version on 5505 display cpu as Pentium |
| CSCsf13906 | Yes | ASA may hang during boot |
| CSCsf14075 | Yes | WebVPN: OWA 2007 does not send response/forward |
| CSCsf14370 | Yes | cut-through authentication redirects port, causing connectivity issues |
| CSCsf15361 | Yes | L2TP: disconnects thru PAT/ DSL topology |
| CSCsf15525 | Yes | L2TP: Failure to connect within 120 seconds of initial disconnect |
| CSCsf16622 | Yes | Firewall should log syslog when IGMP report denied by IGMP ACL |
| CSCsf16633 | Yes | ASA - OSPF over VPN tunnel not working correctly |
| CSCsf17256 | Yes | ASA 7.2.1 crash with thread emweb/cifs from snp_tcp_intercept_cb() |
| CSCsf18590 | Yes | show failover not show stateful vlan link failed in link failed scenario |
| CSCsf18739 | Yes | OWA2003 gives an   error when used with Webvpn |
| CSCsf19244 | Yes | Traceback in Thread Name: pix_flash_config_thread with vpdn config |
| CSCsf20095 | Yes | ASA5505: Potential issue - GE controller may get stuck at transmit |
| CSCsf20856 | Yes | ASA should return FQDN on HTTP authentication (Socks) |
| CSCsf21159 | Yes | CRL checking fails when using Entrust CA on ASA |
| CSCsf21253 | Yes | Linux VPN Client does not pass traffic when client-update is enabled |
| CSCsf21488 | Yes | vpnfo client timeout causes standby to reload due to failover reset |
| CSCsf21675 | Yes | Change the password reset command string for CSC SSM |
| CSCsf21882 | Yes | Traceback in Thread: Dispatch Unit with QOS police configuration |
| CSCsf21932 | Yes | packet-tracer does not show access-list and object-group information |
| CSCsf22694 | Yes | ESMTP connection not terminated with malformed mail from address |
| CSCsf23145 | Yes | Unable to complete large uploads through VPN if packet loss occurs |
| CSCsf23672 | Yes | Traceback in garbage collector with SIP inspection configured |
| CSCsf24173 | Yes | IPv6: Fixup FTP is not working with IPv6 |
| CSCsf24272 | Yes | IPv6: ACL corruption with service object-group |
| CSCsf24409 | Yes | User lockout functionality for telnet to box not working in multimode |
| CSCsf24901 | Yes | WebVPN returns a blank page with error HTTP/1.1 302 Moved Temporarily |
| CSCsf25601 | Yes | OWA2003 SP2 with hotfix Support Required |
| CSCsf25691 | Yes | Authentication not happening with Openldap server |
| CSCsf25963 | Yes | WebVPN OWA 2003 404 error while inbox is loading Premium Client |
| CSCsf28690 | Yes | L2TP/IPsec ASA rejects clients certificate |
| CSCsf29064 | Yes | Management SSH Connections denied - waiting on AAA srv reply |
| CSCsf29437 | Yes | Output for show failover state command needs improvement |
| CSCsf30454 | Yes | Crash in fover_parse due to SNMP during failover replication |
| CSCsf31731 | Yes | First IPv6 connection to the box fails, subsequent connections pass |
| CSCsf31767 | Yes | comma cannot be used in Subject DN in certificate parameters of ASA |
| CSCsf32319 | Yes | Unable to pass traffic between contexts using unique MACs |
| CSCsf96488 | Yes | Need stack trace capability to identify the session disconnection flow |
| CSCsf97902 | Yes | HTTP Inspect regex match of Request header will not match Header-Type |
| CSCsf98271 | Yes | traceback in dns_cache_timer or dns_process using clientless browsing |
| CSCsf98572 | Yes | Webvpn prompt for SecureID pin shows in clear text |
| CSCsf98804 | Yes | Wrong TCP sequence numbers in ICMP Unreachable when sent through ASA |
| CSCsf99289 | Yes | Traceback in Thread Name: aaa |
| CSCsf99335 | Yes | Traceback in Thread Name: IKE Daemon and Checkheaps memory corruption |
| CSCsf99833 | Yes | Traceback in fover_FSM_thread w/deb fover switch and stateful link down |
| CSCsf99945 | Yes | Remove FWSM specific 'show pc ....' cli |
| CSCsg00066 | Yes | Traceback in accept/http with ASDM 'clear configure crypto dynamic-map' |
| CSCsg00748 | Yes | Clear window-scale sack option in non-syn packets instead of dropping it |
| CSCsg00914 | Yes | OSPF neighbors don't form due to corrupted arp entry |
| CSCsg01099 | Yes | ASA: Files on flash show incorrect date when looked using a Windows PC |
| CSCsg03411 | Yes | WebVPN CIFS file delete when client try to rename |
| CSCsg04083 | Yes | TG cookie is not properly set before redirection to CSD installation |
| CSCsg04324 | Yes | VPN: high cpu usage with DHCP assigned IP addresses |
| CSCsg05160 | Yes | name command doesn't accept 128.0.0.0 and 192.0.0.0 as a network |
| CSCsg05422 | Yes | WebVPN OWA2003:page not displayed properly when the address book is used |
| CSCsg05519 | Yes | Port 443 is not available for IPSEC over TCP |
| CSCsg05587 | Yes | access-lists not downloaded from aaa server in some cases |
| CSCsg07077 | Yes | server-side DPD never sent out - connection dropped |
| CSCsg07425 | Yes | Need to update OpenSSL to 0.9.7k |
| CSCsg07720 | Yes | VPN Session DB: Potential stale point access in SESS_ACTIVE_REC |
| CSCsg08629 | Yes | webvpn customization title..help for style and text reversed |
| CSCsg08725 | Yes | Traceback: Thread Name: Dispatch Unit when timeout TCP keepalive message |
| CSCsg08799 | Yes | Traceback in Dispatch Unit and assertion flow->vpn_handle == NULL |
| CSCsg08833 | Yes | CSC may failover with syslog 323006 when 'dir disk1:/' executed |
| CSCsg09045 | Yes | URL redirect not working |
| CSCsg10386 | Yes | Webvpn not using custom text color for conection error dialog |
| CSCsg10605 | Yes | ASA: TCP normalizer spoofs an ACK with all zeroes src MAC address |
| CSCsg10950 | Yes | SIP registration using Camelot fails with inspect enabled |
| CSCsg11701 | Yes | WebVPN: Java Security exception: SHA1 digest error-> Java applet |
| CSCsg11706 | Yes | Unable to reconnect ssl/vpn when DPD keepalive expires |
| CSCsg11817 | Yes | Disable Back button in denied access page |
| CSCsg11957 | Yes | CSC cutting link speed by 60%, and download speeds are very slow. |
| CSCsg13717 | Yes | snmpwalk on CISCO-IPSEC-FLOW-MONITOR-MIB returns OIDs out of order |
| CSCsg14238 | Yes | Remove invalid commands from 5505 interface configuration |
| CSCsg14743 | Yes | TCP connections through L2TP/IPSEC not routable with route...tunneled |
| CSCsg15224 | Yes | WebVPN: Java applet fails to load |
| CSCsg16888 | Yes | VPNLB: HTTP to HTTPS redirect does not work after re-enabling |
| CSCsg17150 | Yes | Traceback in Thread Name: Dispatch Unit with Large Multicast Packets |
| CSCsg17709 | Yes | Inspect information not displayed in packet-tracer output |
| CSCsg17712 | Yes | AAA: Auth-Proxy session expired when using multiple connections |
| CSCsg18637 | Yes | Unable to telnet to more than one IPv6 addr on interface |
| CSCsg20027 | Yes | LDAP msRadiusFramedIPAddress doesn't assign IP in 7.2.x, OK in 7.1.x |
| CSCsg20301 | Yes | Originate-Only/Answer-Only data being dropped |
| CSCsg20773 | Yes | FIPS self test failure on new image upgrade |
| CSCsg21230 | Yes | EASTERN is hardcoded as SMTP date timezone |
| CSCsg21242 | Yes | ASA: Outbound ESP blocked by VPN-Filter when using Originate-Only |
| CSCsg21515 | Yes | Traceback in Thread Name: Dispatch Unit when enabling Webvpn |
| CSCsg21527 | Yes | FOVER: Traceback in Thread Name: fover_FSM_thread when booting up |
| CSCsg23113 | Yes | WebVPN: java.lang.ClassFormatError: Truncated class file |
| CSCsg23233 | Yes | VPN: 'show isa sa' may cause traceback in Thread Name: telnet/ci |
| CSCsg23270 | Yes | Traceback in Thread Name: telnet/ci with 'show local | grep 1.1.1.1\' |
| CSCsg23473 | Yes | ASA 7.0 ssh process vulnerable to CRC32 compensation DOS attack |
| CSCsg24602 | Yes | Malformed LDAP AD debug message |
| CSCsg25616 | Yes | ASA put PATed src port in ICMP (type3, code4) |
| CSCsg27124 | Yes | PIX 7.x does not allow RST pkt to pass from srv to client after failover |
| CSCsg27173 | Yes | WebVPN: Linux/Mac Location Criteria fails when Home Page is Configured |
| CSCsg27896 | Yes | SDI Cross-Realm authentication does not work |
| CSCsg29839 | Yes | Reply/Forward does not work with Domino Web Access and WEBVPN |
| CSCsg29988 | Yes | WebVPN: Java - java.lang.ClassNotFoundException: vminitializer.VMinitial |
| CSCsg30214 | Yes | ISAKMP threshold value in primary and secondary not the same |
| CSCsg30885 | Yes | Traceback: Thread Name: emweb/https and assert count <= payload failed |
| CSCsg31458 | Yes | PKI: cannot enter url with more than one '?' |
| CSCsg31633 | Yes | no ipsec-udp-port gives error type return through HTTPS |
| CSCsg31948 | Yes | Trace back in Thread Name: snmp (Old pc 0x009fa5a0 ebp 0x0202cfcc) |
| CSCsg31956 | Yes | VPN: Traceback in Thread Name: IKE Daemon |
| CSCsg32519 | Yes | Traceback in Thread Name: RIP Router |
| CSCsg34819 | Yes | Traceback in ssh thread after ssh timeout expires |
| CSCsg35215 | Yes | Syslog server down causes ICMP flood if ICMP is denied at interface |
| CSCsg35721 | Yes | Traceback in Thread Name: netfs_thread_init when auth with Kerberos |
| CSCsg35747 | Yes | ERROR: Failed to find ldap context after clear config all entered |
| CSCsg39502 | Yes | ASA 7.0.6 Traceback in tmatch compile |
| CSCsg39762 | Yes | 5510 show ver missleadingly indicates backplane FE as Not license |
| CSCsg40572 | Yes | Traceback in Thread Name: IKE Daemon |
| CSCsg40894 | Yes | ASA s/w crash due to memory mem_get_owner |
| CSCsg41593 | Yes | If 2 DHCP servers for VPN clients, failover for DHCP not successful |
| CSCsg43075 | Yes | VPN external group-policy timeout can cause various issues |
| CSCsg43077 | Yes | L2TP_IPSEC - VPN filters in group-policy matches udp 1701 l2tp traffic |
| CSCsg43384 | Yes | L2TP/IPSec - User filters configured using vpn-filter attr not applied |
| CSCsg43844 | Yes | In failover pair standby ASA used memory is higher than in active |
| CSCsg44868 | Yes | Same user in ACS and LOCAL database of aaa authorization causes error |
| CSCsg44875 | Yes | TACACS+ accounting records do not include port number |
| CSCsg46536 | Yes | alSslStatsActiveSessions from ALTIGA-SSL-STATS-MIB returns bad values |
| CSCsg48691 | Yes | WebVPN: Java applets failing thru the rewriter |
| CSCsg48881 | Yes | MCAST: improve direct connect multicast performance |
| CSCsg48997 | Yes | RST-ACK sent by service resetoutbound uses wrong sequence number |
| CSCsg49205 | Yes | Re-writing of SIP on-hold invite fails without a translation for 0.0.0.0 |
| CSCsg49473 | Yes | The url-server stats contain counter discrepancies |
| CSCsg49497 | Yes | Do not trust Content-Type when forcing no-cache |
| CSCsg49825 | Yes | Traceback at snp_fp_frag_v4 (Old pc 0x00218bc7 ebp 0x01853738) |
| CSCsg50453 | Yes | LDAP Authent setup crashing ASA ldap_client:ldap_client_scope_get+177 |
| CSCsg50757 | Yes | Memory corruption of dispatch_ctxt_t in checkheaps |
| CSCsg51932 | Yes | ISAKMP Phase 2 failure when NAT with NAT-T |
| CSCsg52108 | Yes | The uauth timeout is not enforced via TACACS+ |
| CSCsg52277 | Yes | Certain SMTP messages cannot be sent through ASA with 'inspect esmtp' on |
| CSCsg52606 | Yes | RSA signature forgery vulnerability in SSL code |
| CSCsg52749 | Yes | AAA:realm string has a unique session-id suffixed to it |
| CSCsg53569 | Yes | PIX-ASA: state-checking not compliant to H225 standards |
| CSCsg58837 | Yes | ASA crash in Dispatch Unit during configuration replication |
| CSCsg60257 | Yes | SIP inspect leading to unexpected Deny with no connection impacting BHCC |
| CSCsg62775 | Yes | RAS seeing incorrect H.323 state transition RCF-> GRQ |
| CSCsg63037 | Yes | Command rejected for single digit vlan number |
| CSCsg63297 | Yes | CPU hog when update large object group in policy nat |
| CSCsg64280 | Yes | FO: crypto ca cert map not replicated until after trustpoint match cmd |
| CSCsg64743 | Yes | VPN: Ambiguity with isakmp keepalive command |
| CSCsg65794 | Yes | WebVPN OWA 2003 Cannot save large files to disk with Save Target as... |
| CSCsg67322 | Yes | WebVPN: DFS Failure to open folders on a W2K server |
| CSCsg68430 | Yes | The clear arp <int> option is missing from 7.2 docs and help |
| CSCsg69270 | Yes | 717 - 72 byte blocks of mem leaked: _ber_memalloc_x+66 after vpn sys tst |
| CSCsg70099 | Yes | FIPS: PRNG not used for async/no_pend rand requests |
| CSCsg71008 | Yes | AAA: Kerberos cut-thru proxy auth doesnt work in more than one context |
| CSCsg71789 | Yes | FO:SVC DL ACL's are incorrect after failover to stdby- uses no/wrong ACL |
| CSCsg73147 | Yes | ASA crashes on codenomicon TLS suite |
| CSCsg76664 | Yes | System out-of-block with 2700 active WebVPN sessions |
| CSCsg77799 | Yes | ASA not forwarding multicast traffic with bidirectional RP |
| 固定リンク | コメント (0) | トラックバック (0)
You do not want the adaptive security appliance to open listening ports
最近のコメント