
Cisco ASA 5500 Series Adaptive Security Appliances

Cisco ASA 5500 Series Release Notes, Version 7.2(2)



November 2006

Contents

This document includes the following sections:

Introduction

System Requirements

New Features

Important Notes

Caveats

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Product Alerts and Field Notices

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

The Cisco ASA 5500 series adaptive security appliances are purpose-built solutions that combine the most effective security and VPN services with the innovative Cisco Adaptive Identification and Mitigation (AIM) architecture. Designed as a key component of the Cisco Self-Defending Network, the adaptive security appliance provides proactive threat defense that stops attacks before they spread through the network, controls network activity and application traffic, and delivers flexible VPN connectivity. The result is a powerful multifunction network adaptive security appliance family that provides the security breadth and depth for protecting small and medium-sized business and enterprise networks while reducing the overall deployment and operations costs and complexities associated with providing this new level of security.

For more information on all the new features, see New Features.

Additionally, the adaptive security appliance software supports Cisco Adaptive Security Device Manager (ASDM). ASDM delivers world-class security management and monitoring through an intuitive, easy-to-use web-based management interface. Bundled with the adaptive security appliance, ASDM accelerates adaptive security appliance deployment with intelligent wizards, robust administration tools, and versatile monitoring services that complement the advanced integrated security and networking features offered by the market-leading suite of the adaptive security appliance. Its secure, web-based design enables anytime, anywhere access to adaptive security appliances.

System Requirements

The sections that follow list the system requirements for operating an adaptive security appliance. This section includes the following topics:

Memory Requirements

Determining the Software Version

Upgrading to a New Software Version

Memory Requirements

Table 1 lists the DRAM memory requirements for the adaptive security appliance.

Table 1 DRAM Memory Requirements

ASA Model  DRAM Memory
ASA 5505   256 MB
ASA 5510   256 MB
ASA 5520   512 MB
ASA 5540   1024 MB
ASA 5550   4096 MB

All adaptive security appliances require a minimum of 64 MB of internal CompactFlash.

In a failover configuration, the two units must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. For more information, see the "Configuring Failover" chapter in the Cisco Security Appliance Command Line Configuration Guide.


Note: If using two units with different Flash memory sizes, make sure that the unit with the smaller Flash memory has enough space for the software images and configuration files.


Determining the Software Version

Use the show version command to verify the software version of your adaptive security appliance. Alternatively, you can see the software version on the Cisco ASDM home page.

Upgrading to a New Software Version

If you have a Cisco.com (CDC) login, you can obtain software from the following website:

http://www.cisco.com/public/sw-center/products.shtml

When you upgrade from Version 7.1(x) to Version 7.2(2), or downgrade from Version 7.2(2) to Version 7.1(x), you must change the ASA and ASDM images together, because older versions of the ASA images do not recognize new ASDM images and new ASA images do not recognize old ASDM images.

You can also use the command-line interface to download the image; see the "Downloading Software or Configuration Files to Flash Memory" section in the Cisco Security Appliance Command Line Configuration Guide.

To upgrade from Version 7.1(x) to 7.2(2), you must perform the following steps:

Step 1 Load the new 7.2(2) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 2 Reload the device so that it uses the 7.2(2) image.

Step 3 Load the new ASDM 5.2(x) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 4 Enter the following command, which tells the adaptive security appliance where to find the ASDM image:

hostname(config)# asdm image disk0:/<asdm file>

To downgrade from Version 7.2(2) to 7.1(x), you must perform the following steps:

Step 1 Load the 7.1(x) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 2 Reload the device so that it uses the 7.1(x) image.

Step 3 Load the ASDM 5.1(x) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 4 Enter the following command, which tells the adaptive security appliance where to find the ASDM image:

hostname(config)# asdm image disk0:/<asdm file>


New Features

This section lists the new features for Version 7.2(2). All new features are supported in ASDM 5.2(2).

Password Reset

Version 7.2(2) adds a new command, the hw-module module <slot#> password-reset command, to reset the password on the AIP-SSM and CSC-SSM modules. It resets the password of user 'cisco' back to the default value 'cisco'.

HTTP(S) Authentication Challenge Flexible Configuration

In Version 7.2(2), the adaptive security appliance authenticates HTTP network connections using basic HTTP authentication and authenticates HTTPS connections by generating similar custom login windows. This is exactly the same behavior that was present in Version 7.1 and prior. You can use basic HTTP authentication if:

You do not want the adaptive security appliance to open listening ports

You use NAT on a router and you do not want to create a translation rule for the web page served by the adaptive security appliance

Basic HTTP authentication might work better with your network. For example, non-browser applications, such as when a URL is embedded in email, might be more compatible with basic authentication.

The new aaa authentication listener command enables the adaptive security appliance to authenticate web pages and select the form-based redirection approach that is currently used in Version 7.2(1). In the absence of this new command, the Version 7.1 authentication method is used.


Note: By default, the aaa authentication listener command is not present in the configuration, making Version 7.1 aaa behavior the default for 7.2(2). However, when a Version 7.2(1) configuration is upgraded to Version 7.2(2), the appropriate aaa authentication listener commands are added to the configuration so that the aaa behavior will not be changed by the upgrade.


In Versions 7.1 and prior, the adaptive security appliance authenticated HTTP and HTTPS network connections by interacting with the client in a transparent manner, by using basic authentication for HTTP connections and by generating similar custom login windows for HTTPS connections. After successfully authenticating the client, the adaptive security appliance would connect through to the intended server. This approach did not require listening ports to be opened on the adaptive security appliance interfaces.

In Version 7.2(1), this functionality was replaced by a form-based authentication approach where HTTP and HTTPS connections are redirected to authentication pages that are served from the adaptive security appliance. After successful authentication, the browser is again redirected to the originally intended URL. This was done to provide:

More graceful support for authentication challenge processing

An identical authentication experience for HTTP and HTTPS users

A persistent logon/logoff URL for network users

This approach does require listening ports to be opened on the adaptive security appliance on each interface on which aaa authentication was enabled.

Important Notes

This section lists important notes related to Version 7.2(2).

Maximum Number of VLANs

The maximum number of VLANs for the Security Plus license on the ASA 5505 adaptive security appliance was increased from 5 (3 fully functional; 1 failover; one restricted to a backup interface) to 20 fully functional interfaces. In addition, the number of trunk ports was increased from 1 to 8. Now that there are 20 fully functional interfaces, you do not need to use the backup interface command to cripple a backup ISP interface; you can use a fully functional interface for it. The backup interface command is still useful for an Easy VPN configuration.

VLAN limits were also increased for the ASA 5510 adaptive security appliance (from 10 to 50 for the Base license, and from 25 to 100 for the Security Plus license), the ASA 5520 adaptive security appliance (from 100 to 150), and the ASA 5550 adaptive security appliance (from 200 to 250).

For more information, see the "Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance" chapter in the Cisco Security Appliance Command Line Configuration Guide.

virtual http Command

The virtual http command has been restored. This is needed with basic authentication when you have cascading authentication requests.

sysopt uauth allow-http-cache Command

The sysopt uauth allow-http-cache command is deprecated.

FIPS 140-2

Version 7.2(2) has been submitted for FIPS 140 Level 2 validation.

Features not Supported in Version 7.2(2)

The PPTP feature is not supported in Version 7.2(2).

Using Priority-Queue on ASA Model 5505

On ASA Model 5505 (only), configuring priority-queue on one interface overwrites the same configuration on all other interfaces. That is, only the last applied configuration is present on all interfaces. Further, if the priority-queue configuration is removed from one interface, it is removed from all interfaces. This problem is present only on ASA5505 platforms.

To work around this issue, configure the priority-queue command on only one interface. If different interfaces need different settings for the queue-limit and/or tx-ring-limit commands, use the largest of all queue-limits and smallest of all tx-ring-limits on any one interface (CSCsi13132).
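An added example, not Cisco's code and not part of the original release notes: a small audit of a saved running configuration against the aaa authentication listener behavior described under New Features and the sysopt uauth allow-http-cache and ASA 5505 priority-queue notes in this section. The sample configuration is constructed; the running-config line forms (the port and redirect keywords, the indented queue-limit and tx-ring-limit sub-commands) and the finding codes are assumptions.

```python
import re

# Constructed sample running-config for illustration; not from a real device.
SAMPLE_CONFIG = """\
hostname asa5505-lab
aaa authentication match AUTH_HTTP inside LOCAL
aaa authentication listener http inside port www redirect
aaa authentication listener https inside port 8443
sysopt uauth allow-http-cache
priority-queue outside
 queue-limit 1024
 tx-ring-limit 128
priority-queue inside
 queue-limit 2048
 tx-ring-limit 256
"""

# Assumed running-config line forms (not quoted from the release notes).
LISTENER_RE = re.compile(
    r"^aaa authentication listener (https?) (\S+)(?: port (\S+))?( redirect)?\s*$"
)
PQ_HEADER_RE = re.compile(r"^priority-queue (\S+)\s*$")
PQ_LIMIT_RE = re.compile(r"^\s+(queue-limit|tx-ring-limit) (\d+)\s*$")


def find_listeners(config):
    """Return (protocol, interface, port, redirect) per listener line."""
    found = []
    for line in config.splitlines():
        m = LISTENER_RE.match(line)
        if m:
            proto, ifc, port, redirect = m.groups()
            found.append((proto, ifc, port or "default", redirect is not None))
    return found


def parse_priority_queues(config):
    """Map interface -> explicitly configured queue-limit / tx-ring-limit."""
    queues, current = {}, None
    for line in config.splitlines():
        header = PQ_HEADER_RE.match(line)
        limit = PQ_LIMIT_RE.match(line)
        if header:
            current = header.group(1)
            queues[current] = {}
        elif current is not None and limit:
            queues[current][limit.group(1)] = int(limit.group(2))
        else:
            current = None  # any other line ends the priority-queue sub-mode
    return queues


def merged_priority_queue(queues):
    """Single-interface values per the ASA 5505 workaround:
    largest queue-limit and smallest tx-ring-limit of all interfaces."""
    q = [v["queue-limit"] for v in queues.values() if "queue-limit" in v]
    t = [v["tx-ring-limit"] for v in queues.values() if "tx-ring-limit" in v]
    return {"queue-limit": max(q) if q else None,
            "tx-ring-limit": min(t) if t else None}


def audit(config, model):
    """Return (code, message) findings for a config headed to Version 7.2(2)."""
    findings = []
    listeners = find_listeners(config)
    for proto, ifc, port, redirect in listeners:
        findings.append(("LISTENER",
            f"{proto} listener on interface {ifc}, port {port}, redirect={redirect}: "
            "form-based authentication, listening port open on the appliance"))
    if not listeners:
        findings.append(("NO_LISTENER",
            "no aaa authentication listener command: Version 7.1 behavior applies"))
    if any(l.strip() == "sysopt uauth allow-http-cache" for l in config.splitlines()):
        findings.append(("DEPRECATED", "sysopt uauth allow-http-cache is deprecated"))
    queues = parse_priority_queues(config)
    if model.replace(" ", "").upper().endswith("5505") and len(queues) > 1:
        merged = merged_priority_queue(queues)
        findings.append(("PQ_5505",
            f"priority-queue on {len(queues)} interfaces; configure one interface "
            f"with queue-limit {merged['queue-limit']} and "
            f"tx-ring-limit {merged['tx-ring-limit']}"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONFIG, "ASA 5505"):
        print(f"{code}: {message}")
```

Each LISTENER finding marks an interface on which the appliance itself accepts connections, which is the exposure the release notes contrast with the Version 7.1 basic-authentication behavior.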

Caveats

The following sections describe the caveats for Version 7.2(2).

For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:

Commands are in boldface type.

Product names and acronyms may be standardized.

Spelling errors and typos may be corrected.


Note: If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:

http://www.cisco.com/support/bugtools

To become a registered cisco.com user, go to the following website:

http://tools.cisco.com/RPF/register/register.do


Open Caveats - Version 7.2(2)

Table 2 Open Caveats

DDTS Number  Corrected in 7.2(2)  Caveat
CSCsd50888   No                   L2TP: connections fail intermittently -> error 678: There was no answer
CSCse88291   No                   ASA crashes with WEBVPN user login when memory is running low.
CSCse92565   No                   Traceback in Thread Name: tmatch compile thread after clear config all
CSCsf04123   No                   Packet drops through VPN due to No route to VPN_peer_ip_address
CSCsf05298   No                   Citrix not supported with CSC module
CSCsf13404   No                   PIX cosmetic high memory use in context show memory
CSCsf25418   No                   Traceback in Thread Name: tmatch compile after assert
CSCsf27202   No                   AAA Radius NAS-Port-Type not sent in authentication request
CSCsg03102   No                   Minor correction to vpn-addr-assign command reference documentation
CSCsg20953   No                   WebVPN sessions created in the Secure Desktop don't expire
CSCsg26668   No                   Undefined CSCO functions in JavaScript-generated HTML
CSCsg34853   No                   Traceback with Thread Name: Dispatch Unit
CSCsg38186   No                   Traceback in Thread Name: Dispatch Unit
CSCsg43591   No                   SCP connection to PIX fails
CSCsg46962   No                   WebVPN some functions do not work in javascript
CSCsg47023   No                   L2TP Connections with Certificates to ASA Fail to Connect
CSCsg47241   No                   Traceback when parsing LDAP config
CSCsg48442   No                   Ping through ASA fails when using interface PAT on PPPoE interface
CSCsg53120   No                   ASA WebVPN Time-out on Database Requests
CSCsg56876   No                   ASA may crash after applying http or IM deep inspection
CSCsg60095   No                   VPN traffic permitted by vpn-filter is denied
CSCsg61719   No                   SNMP: Coldstart Trap is not sent
CSCsg62488   No                   Traceback in Thread Name: Unicorn Proxy Thread
CSCsg62878   No                   ocsp signer crl checking with crl none is not falling back to none
CSCsg63145   No                   Traceback with Thread Name: PIX Garbage Collector
CSCsg64427   No                   Compression: Can't turn off http-comp
CSCsg64450   No                   FO: http auth message should be supressed on standby console
CSCsg64948   No                   1550 blocks exhausted during radius authentication stress test
CSCsg65434   No                   Multiple ipsec peers : PIX/ASA stops processing the IPSEC peers list
CSCsg66126   No                   Large H.323 Registrations Fail through PIX
CSCsg67443   No                   ASA Fails Recursive Route Lookup
CSCsg67961   No                   L2TP: IKE rekeying prior to IPSec rekey terminates MAC L2TP
CSCsg68141   No                   Show run router causes traceback in thread name: ci/console
CSCsg69275   No                   1017-88 byte blocks leaked: _tmatch_summary_func+2877 after vpn sys test
CSCsg69281   No                   3000 - 576 byte blocks leaked: _kernel_delete_sa+39 after vpn sys stress
CSCsg69408   No                   Need warning when using time based ACLs with policy NAT/PAT
CSCsg69448   No                   Need to update 7.x conf guides, time based ACLs not supported w/nat-pat
CSCsg69469   No                   Incorrect user privileges when logging in with ASDM 5.2.1.54
CSCsg69998   No                   tcp intercept not working when the inside host is running windows OS.
CSCsg70012   No                   no sysopt noproxyarp c1in failed to remove noproxyarp for interface c1in
CSCsg70698   No                   Session timer is not reset during WebVPN ActiveX and Java tunneling
CSCsg71369   No                   P1 SA stuck in AM_FREE on secondary for ipsec sessions using net ext mod
CSCsg71416   No                   encrypt rules added in wrong order - NEM misconfig causes data issues
CSCsg71534   No                   40 P1 sa's got stuck in MM_Wait_Delete on secondary w/vpn system test
CSCsg71579   No                   Programming assertion malloc.c:3822 on secondary after failover from pri
CSCsg73076   No                   L2TP/IPSEC to ASA with certificates fails over low speed ISDN
CSCsg73376   No                   Traceback in Thread Name: ci/console with large config tftp download
CSCsg75094   No                   LDAP: ASA caanot authenticate to Active Directory using MD5
CSCsg75996   No                   Radius authentication with downloadable acls causes crash
CSCsg76777   No                   7.2 transparent / change of behavior : ASA does not retain the src mac
CSCsg77097   No                   WebVPN OWA 2003 email.cisco.com inbox fails to load intermittent
CSCsg77099   No                   WebVPN Java archives with uncompressed entries fail through rewriter
CSCsg77390   No                   AAA: port-to-port static for port 80 and aaa http listener on same ifc
CSCsg77841   No                   Cfg Guide: remove flash size match from failover hw criteria
CSCsg78524   No                   With WebVPN login we type it once incorrectly and the ASA tries 3 times


Resolved Caveats - Version 7.2(2)

Table 3 Resolved Caveats

DDTS Number  Corrected in 7.2(2)  Caveat
CSCei33965   Yes                  MPC embryonic timoeout value overwrite global conn timeout
CSCek62768   Yes                  crash in Unicorn Proxy Thread with large WebVPN session count in build30
CSCsb54431   Yes                  clear in unpriviledged mode should be removed if not applicable.
CSCsb63230   Yes                  Need a command to perform SSM password recovery from the ASA CLI
CSCsc01694   Yes                  CRC errors on SSM-4GE Electrical ports on initial bringup
CSCsc37965   Yes                  IP-directed broadcasts no longer allowed through device.
CSCsc89262   Yes                  Syslog 722007 (WEBVPN_SVC_MSG_EMERG) severity needs to be changed
CSCsd13314   Yes                  'show service policy flow' command shows incorrect flow match
CSCsd40989   Yes                  L2TP: Populate client type/version within session database
CSCsd45605   Yes                  2 routes to same n/w w same metric different ifx should not be allowed
CSCsd52578   Yes                  Traceback in thread: snp_timer_thread
CSCsd54495   Yes                  Traceback eip _strdup(0xebacac)+0x78 with large customer configuration
CSCsd57264   Yes                  MPF: type syntax in help policy-map is missing a ]
CSCsd58688   Yes                  SVC connections are not exempt from aaa authentication rules like IPSec
CSCsd59295   Yes                  WCCP static bypass not working with vlan interfaces
CSCsd59936   Yes                  Registering to the RP for PIM fails if fragmented in more then 12 packs
CSCsd60448   Yes                  Proxy-bypass with automatic choice of target server
CSCsd64749   Yes                  Failover: automatic removal of SSL trustpoint not replicated to stdby
CSCsd67093   Yes                  PPPoE:Vpdn group for PPPoE shouldn't be configurable in Transparent mode
CSCsd67160   Yes                  PPPoE:ip address pppoe cmd shouldn't be configurable in multi mode
CSCsd70581   Yes                  Crash output to console has incomplete configuration
CSCsd71387   Yes                  EzVPN: Tback IKE Daemon (Old pc 0x00507425 ebp 0x0333c6d8)
CSCsd74328   Yes                  Traceback when changing sec level on an ifc and failover cfg with NAT
CSCsd74551   Yes                  Add NP drop reason documentation for WCCP drops
CSCsd81262   Yes                  CA cert with spaces could fail to install
CSCsd81294   Yes                  'crypto ca import' of SSL cert may traceback in Thread Name: accept/http
CSCsd82307   Yes                  FO: CLI position can get out of sync causing cmd replication failures
CSCsd82575   Yes                  unexpected IGMP joins sent when configuring multicast routing
CSCsd84011   Yes                  REGEX: ^ (match from beginning of text) does not work in some cases
CSCsd88471   Yes                  VPNLB SVC uses virtual cluster certificate after redirecting to a master
CSCsd91587   Yes                  functioning email proxy session generates syslog message error
CSCsd93380   Yes                  Packets for VPN-l2l peer get dropped instead of encrypted
CSCsd94372   Yes                  dhcp proxy: no RELEASE sent after failover and disconnect of vpn client
CSCse00996   Yes                  tcp normalizer drop to-the-box traffic not conforming to RFC793 (MSS)
CSCse01293   Yes                  Traceback in Thread Name: arp_forward_thread
CSCse02354   Yes                  Traceback in Thread Name: Dispatch Unit
CSCse03176   Yes                  Problem of group-name used in 'sasl-mechanism kerberos group-name'
CSCse05819   Yes                  PIX: 33MHz GIG cards show speed/duplex unknown if nonegotiate configured
CSCse07242   Yes                  Traceback in pix_flash_config_thread
CSCse08726   Yes                  LDAP group-based policy Enforcement shouldn't require Cisco schema
CSCse08746   Yes                  ASA send Radius attribute 31 source IP address as 0.0.0.0
CSCse09458   Yes                  RadiusSDI feature of VPN Client fails with blank XAUTH text
CSCse09503   Yes                  Syslog 304001 not generated when strict-http action allow log configured
CSCse10096   Yes                  i2c_write_byte_w_suspend() error after rebooting ASA5505
CSCse10714   Yes                  Shun behavior change in 7.x
CSCse12021   Yes                  Error msg change when attempt auth-srvr-group None in ipsec tunn-grp
CSCse13544   Yes                  Increase in memory usage after enabling-disabling webvpn
CSCse14296   Yes                  Trustpoint not found if ASA not enrolled with the trustpoint
CSCse15854   Yes                  clear config webvpn only partially clean-up proxy-bypass...
CSCse15977   Yes                  Traceback when two admin sessions are working on the same capture
CSCse17176   Yes                  SUA policy is unspecified -WEB login requires user to authenticate twice
CSCse17638   Yes                  IM: Misc CLI issues
CSCse17660   Yes                  Incorrect LDAP debug error when incorrect RDN configured
CSCse18005   Yes                  PIX/ASA originate-only VPN fails to create dynamic ACL
CSCse19020   Yes                  PPTP Pass-through not working due to inspection
CSCse20501   Yes                  Passive FTP to Multinet server fails
CSCse20538   Yes                  IKE Syslogs 713041 713042 should specify interface name
CSCse21451   Yes                  Memory leak in VPN fover module during failover config syncing
CSCse22330   Yes                  Traceback in Thread Name: Dispatch Unit
CSCse22332   Yes                  Failed to deploy config when first line in config contain ! character
CSCse22659   Yes                  CIFS server names limited to 15 characters
CSCse22668   Yes                  CIFS should use DNS lookups for long server names
CSCse23164   Yes                  traceback in thread Name: qos_metric_daemon
CSCse23165   Yes                  Message sent to client when aaa authorization fails has changed
CSCse23554   Yes                  Memory leak within event_smtpmgr:es_SmtpSndMSG function
CSCse23751   Yes                  Nested tracebacks may not stop without manual device reload
CSCse24432   Yes                  DHCPRelay: Some clients may not get NACKs
CSCse24537   Yes                  RIP: [no] access-list defined in distribute-list should display err msg
CSCse24921   Yes                  debug icmp does not show request packet being sent
CSCse25515   Yes                  FO: dhcpd warnings seen on standby during replication of config
CSCse26317   Yes                  inspect radius-acct: show user with IP cuasing err msg w/ multiple pmaps
CSCse26469   Yes                  Cannot store more than one vpdn username/password pairs locally
CSCse27184   Yes                  basic attribute is not checked in all mode config attributes, may reload
CSCse27249   Yes                  FO: interface monitoring not working on most recent created interface
CSCse27787   Yes                  AIC SIP: SIP messages might fail state-check knob when record-route on
CSCse28430   Yes                  MS AD-LDAP: set default RDN-Naming Attribute to be sAMAccountName
CSCse28540   Yes                  LDAP admin bind: support secure SASL-MD5 and SASL-Kerberos methods
CSCse29700   Yes                  WebVPN and SVC Sessions being disconnected due to Idle Timeouts 40+Days.
CSCse29840   Yes                  AdmissionConfirm received without an AdmissionRequest, ACF dropped
CSCse30049   Yes                  SSH conns to the box not removed after a Failover
CSCse30061   Yes                  VPN decompress error when decrypting packet with IP compression
CSCse30102   Yes                  VPN dynamic ACL can be deleted from the CLI
CSCse30616   Yes                  ASA VPN load balancing cannot ping cluster ip address
CSCse32309   Yes                  Timeout of secondary flow causes traceback in Thread Name: Checkheaps
CSCse33143   Yes                  Dynamic ACL created under with command access-list <name> d ...
CSCse33211   Yes                  aaa http authentication doesnt work when interface IP is named
CSCse33736   Yes                  DoD Certs:Subject Alternative Name support for VPN Author for IPSec RA
CSCse33851   Yes                  H.225 releasecomplete message was dropped by the firewall
CSCse33986   Yes                  Small memory leak when tunnel denied due to unavailable Integrity Server
CSCse34179   Yes                  MFW-R: traceback in 'clear cfg all' during a performance test.
CSCse34477   Yes                  ESMTP: mail-relay param w/o any action accepted, junk chars in sho run
CSCse34508   Yes                  ESMTP: help mail-relay display needs changes
CSCse34540   Yes                  telnet and http(asdm) conns are not removed after failover
CSCse35370   Yes                  AIC SIP: should not allow overwrite inspect sip <pmap> @ default class
CSCse35566   Yes                  Traceback with 'Thread Name: Dispatch Unit' on clear xlate
CSCse35610   Yes                  traceback in ci/console after editing group-p CLI sitting at more prompt
CSCse35636   Yes                  RTP Conformance print SSRC re-initializing message for bad SSRC Packet
CSCse36112   Yes                  PIX/ASA never processes huge access-list if it runs short of memory
CSCse36519   Yes                  IM: MSN code improvement to reduce the risk of false positives
CSCse36691   Yes                  Traceback on 'cl conf all' with delay-free-poisoner enabled
CSCse37315   Yes                  AIC DNS - Traceback after removing certain MPF actions with DNS traffic
CSCse37733   Yes                  ASA Crash with nat ID as 0
CSCse37787   Yes                  Traceback after becoming Active with VPN connections
CSCse38062   Yes                  ICA Client users cannot connect to Citrix through WebVPN
CSCse38087   Yes                  Kerberos authentication fails after during stress test in multiple-mode
CSCse38659   Yes                  unexpected IGMP rejoins when joins previously cfg'd and mcast re-enabled
CSCse39344   Yes                  AD UserAccountControl attrib not enforced if using LDAP Authorization
CSCse40332   Yes                  ASA multiple mode rollback of config failed for admin and other VC
CSCse40671   Yes                  RTSP w/PAT, PIX set client_ports to NULL
CSCse40704   Yes                  Lock IMB boot code
CSCse41071   Yes                  ldap-login-password not hidden in config
CSCse41663   Yes                  WebVPN using SDI Auth - New PIN mode does not work - IPSec OK
CSCse42014   Yes                  Java applets archive mangling fails when the codebase is a full url
CSCse42332   Yes                  ASA5505: PORT up/down stat is not reflected in show stat + more
CSCse42413   Yes                  Traceback after WebVPN authentication with FreeRadius
CSCse43078   Yes                  WebVPN: links at www.microsoft.com fail to work
CSCse43152   Yes                  WebVPN/SVC Radius Passwd-Mngt fails when using domain\username format
CSCse43611   Yes                  Flash: Wr mem running-config to flash has some issues
CSCse43807   Yes                  webvpn url entry with embedded user:Passwd fails with URl is invalid
CSCse44138   Yes                  WebVPN Citrix ICA connection losing connectivity due to client_tx_q_full
CSCse44258   Yes                  Modifying vpn-filter acl blocks normal traffic from inside to outside
CSCse45308   Yes                  Static nailed rule does not match conn destined for that address
CSCse45327   Yes                  VPN stateful failover gets out of sync
CSCse45694   Yes                  Standby: Traceback in Thread Name: IKE Daemon with dACL
CSCse45948   Yes                  write memory all did not report failure for failing to save config
CSCse45971   Yes                  Calling-Station-ID passed to radius as 0.0.0.0 for webvpn with pw mgmt
CSCse46220   Yes                  ASA: Poor Performance and Out-of-Order packets with SSM module enabled
CSCse46292   Yes                  Traceback in Thread Name: snmp
CSCse46874   Yes                  Enhancement: per-interface authorization for IPSec connections
CSCse47150   Yes                  Traceback in Thread Name: Dispatch Unit with ESMTP Inspect enabled
CSCse47328   Yes                  Fix RM flow drop reason #defines
CSCse47400   Yes                  WebVPN: Unable to Authenticate using DoD Certificate
CSCse48146   Yes                  AIC SIP: fails to match request method <unknown> in inspect SIP pmap
CSCse48193   Yes                  ASA vulnerable to cross-site scripting when using WebVPN
CSCse49450   Yes                  AAA - dACL and Cisco-AV-Pair ACLs are only applied to the 1st SVC user
CSCse49851   Yes                  7.2 5510 security plus license should support only 2 contexts by default
CSCse50716   Yes                  URL Filtering: Traceback with Thread Name: Dispatch Unit
CSCse50772   Yes                  L2TP/IPSec: MS-Clients unable to connect when ASA is behind a NAT device
CSCse50782   Yes                  DNS-based LDAP Authentication/Authorization fails
CSCse50804   Yes                  OSPF stuck in EXCHANGE in certain assymetric routing scenarios
CSCse52050   Yes                  Very large ACL applied to NAT or Crypto may traceback in Checkheaps
CSCse53294   Yes                  Configuration begin syslog 111007 shows wrong local ip address with ssh
CSCse53987   Yes                  'vPif_getVpif: bad vPifNum' errors with cut-through proxy enabled
CSCse54543   Yes                  ASA cosmetic high memory use in context show memory
CSCse54582   Yes                  AAA: Traceback in Thread Name: Dispatch Unit with Radius auth
CSCse54749   Yes                  210007 LU allocate xlate failed syslog generated by overlapping nat cfg
CSCse55066   Yes                  VPN: orignate-only VPN fails after failover
CSCse55931   Yes                  1550 byte block depletion prohibits websense communication
CSCse57386   Yes                  5505: EZVPN Remote: DPD timeout is 5 minutes,should be 90 sec
CSCse57889   Yes                  Execute certain fover cmds trigger interface testing
CSCse58602   Yes                  SVC fails to establish if Cisco-AV-Pair contain both ip and webvpn ACEs
CSCse59113   Yes                  5510 base license should not limit 4ge card
CSCse59498   Yes                  WebVPN: Citrix traffic may cause Traceback in Thread Name: Dispatch Unit
CSCse59955   Yes                  Rommon in ASA5505 main card would reset ASA-SSC-10 card.
CSCse61225   Yes                  Support daylight savings changes in Energy Policy Act of 2005
CSCse61315   Yes                  SSMIO-4GE SFP interfaces G1/1 - G1/3 don't operate
CSCse61696   Yes                  HTTP server enable doesn't take Port number change in Multiple-router mo
CSCse62603   Yes                  alias command does not work
CSCse62914   Yes                  Standby device Traceback in Thread Name: tcp_thread
CSCse63079   Yes                  cpu hog in ssh_init process when connecting via SSH
CSCse63596   Yes                  inspect RSH fails when 1st segment contains more than just port
CSCse65000   Yes                  WebVPN: Cisco Call Manager is failing thru rewriter
CSCse66007   Yes                  AAA commands not working for serial console in multi context mode
CSCse66133   Yes                  Traceback in Thread Name: ssh when ACLs are displayed in SSH or ASDM
CSCse66235   Yes                  Memory exhausts with logging flash-bufferwrap and high syslog level
CSCse66442   Yes                  cut-thru proxy: 'Authentication not required' returned on browse to pix
CSCse66490   Yes                  Traceback with 'Thread Name: accept/http' after editing time-based ACLs
CSCse67584   Yes                  ldap attr map CLI renders console/session unusable in multi mode
CSCse67916   Yes                  Potential memory leakages in webvpn_ica_socks.c with ASA internal errors
CSCse68781   Yes                  Traceback in Thread Name: emweb/https when starting to load WebVPN
CSCse70163   Yes                  5505/SSC I2C lock up in Rommon.
CSCse70181   Yes                  WebVPN: Traceback when using 'debug webvpn citrix 10'
CSCse70993   Yes                  Traceback when applying large ACL to NAT or Crypto Map
CSCse71146   Yes                  IPSec RA clients with large dACL may cause Traceback in Thread Name:aaa
CSCse73812   Yes                  Traceback in Thread Name: Dispatch Unit when L2L VPN Initiator
CSCse74097   Yes                  Mac-exempt: mac spoofing does not generate the expected syslog
CSCse74391   Yes                  WebVPN not using custom text color for some dialogs
CSCse74778   Yes                  Traceback in Thread Name: IP Thread with PPPoE enabled
CSCse74838   Yes                  WebVPN: DSF Referral messages missing on distributed Servers over WebVPN
CSCse75485   Yes                  Traceback in Thread Name: fover_parse during config sync
CSCse75523   Yes                  Received ARP request collision when issuing write standby
CSCse76085   Yes                  WebVPN: OWA: file download with size>100KB stops
CSCse76095   Yes                  Traceback in Thread Name: Checkheaps when starting WebVPN
CSCse76115   Yes                  Cascade delimiter not inserted with correct priority for dynamic crypto.
CSCse76150   Yes                  No TACACS+ authorization request sent for show run command
CSCse76171   Yes                  ASA reverse bytes order of DHCP scope when using SVC
CSCse76480   Yes                  4 byte block allocation lacks the padding
CSCse77122   Yes                  FTP-data connection not replicated back to primary after failover
CSCse77261   Yes                  Traceback in Thread Name: MFIB with pim mcast routing
CSCse77680   Yes                  P2 in progress test broken - could cause unexpected rekey.
CSCse77855   Yes                  buffer leak upon IPSEC spoofing.
CSCse77943   Yes                  Failover: Primary takes over as Active after reload
CSCse78065   Yes                  # sign in config not replicated to Standby unit
CSCse78228   Yes                  7.2.1 Crash in snp_tcp_ha_flow_belongs_to_active_context
CSCse78299   Yes                  Primary/Secondary units become Active state when failover link failed
CSCse78755   Yes                  Traceback in Thread Name: Dispatch Unit when starting DPD timer for SVC
CSCse78779   Yes                  Standby become active after fo link failed with fover hold time > 15 sec
CSCse79422   Yes                  RA VPN Phase 2 fails when local pool with classless mask is used
CSCse80001   Yes                  Traceback in IKE daemon while trying to post event (syslog)
CSCse80897   Yes                  AAA: User-Password and EAP-Proxy should not be in same RADIUS request
CSCse81073   Yes                  WebVPN: Traceback with Thread Name: emweb/https
CSCse81232   Yes                  Failover pair loses failover state configuration after upgrade to 7.2.1
CSCse81273   Yes                  Traceback 'Thread Name: Dispatch Unit' with PPPOE and SSM-CSC
CSCse81330   Yes                  Strict HTTP inspection ignores '304 Not Modified' -syslog message 415014
CSCse81633   Yes                  ASA 4GE-SSM Gig ports silently drop IGMP joins
CSCse81656   Yes                  LDAP CLI is not displaying quotes when parameters contain spaces
CSCse82262   Yes                  No specific error message while uploading a file via HTTPS
CSCse82743   Yes                  Java applet fails to load through WebVPN
CSCse83515   Yes                  ASA-5550 reports incorrect amount of RAM in show version output
CSCse83905   Yes                  dhcprelay stops working if FW interface ip address is modified
CSCse85490   Yes                  SSC Rommon resets 5505 switch ports.
CSCse86877   Yes                  WebVPN: DNS resolving Port Forwarding hostname entries when it shouldn't
CSCse86968   Yes                  Standby unit sends accounting records for replicated DACL commands
CSCse88572   Yes                  SIP: Does not parse the compact form of Call-ID
CSCse88632   Yes                  WebVPN: Kronos Applet doesn't launch
CSCse88873   Yes                  IPV6: TCP SYN-ACK with layer 2 padding dropped
CSCse89013   Yes                  debug radius decode does not show all attributes in Radius requests
CSCse89471   Yes                  WebVPN: RDP client VBScript function not recognized correctly
CSCse90732   Yes                  copy command prevents copying old asdm to tftp
CSCse90796   Yes                  ASA with PPPOE crashes in IP Thread
CSCse90864   Yes                  3DES license is not accepted in 7.2
CSCse90886   Yes                  MacOS VPN Client does not pass traffic with client-update feature on Asa
CSCse91039   Yes                  WebVPN: SSL Cert Request from ASA should include all trusted issuer DN's
CSCse91930   Yes                  Traceback when using packet tracer with multiple ACL rules
CSCse92016   Yes                  WebVPN: Refresh URL in http header not mangled - port CSCse00556 to asa
CSCse94012   Yes                  VPN: wrong event generated when concurrent IKE negotiation max exceeded
CSCse94158   Yes                  FIPS: Add CRNG callback for new RNGs added since 7.0.4
CSCse94162   Yes                  FIPS: Porting damage in content-mangling code
CSCse94241   Yes                  Traceback: Thread Name:vpnlb_thread when taking over as failover active
CSCse95357   Yes                  WebVPN: reply/forward action of OWA2000 does not attach message
CSCse95408   Yes                  Go button shows in pages opened from homepage with url entry disabled
CSCse95437   Yes                  Capture: Circular buffer stops capture when buffer full
CSCse96289   Yes                  VPN: Traceback with Thread Name: Dispatch Unit
CSCse96559   Yes                  vpn-filter does not work when used with IOS ESVPN client
CSCse98397   Yes                  EAP state engine triggers retransmission and corrupts EAP session
CSCse98516   Yes                  Webpvn: special character '?' cannot be configure in url-list
CSCse98719   Yes                  Connection fails with the CA cert of 4096 bits fails with Error #72eh
CSCse98959   Yes                  Static Analysis: Add options to make sa for changelist
CSCse99033   Yes                  tracked route removed from Standby firewall after failover
CSCse99107   Yes                  webvpn/ssl - flow control issues transferring large OWA attachments
CSCse99257   Yes                  WebVPN: ActiveX port-forwarder problem
CSCse99783   Yes                  DHCP Relay fails when static specified
CSCsf00368   Yes                  Crashinfo file may incorrectly show 0% free memory
CSCsf01451   Yes                  Inspect IM breaks websense
CSCsf02102   Yes                  SIP, show conn after phone registration has wrong information displayed
CSCsf02349   Yes                  Traceback in ThreadName: ci/console when add certificate in wrong format
CSCsf04271   Yes                  WebVPN connections fail after reload with self signed certs
CSCsf05931   Yes                  AAA: group-lock does not handle tunnel-group names with spaces