Cisco Bug: CSCsy98662 - Access-list allows port ranges with start-port greater than end-port

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

The ASA/PIX command line allows you to configure access-list entries with port ranges such that the start port is greater than the end port. For example:

access-list test permit tcp any any range 2000 1000

This may cause issues with configuration utilities, namely ASDM, that perform sanity checks to ensure the start port is less than the end port.

This behavior is present on version 8.0.4 and presumably earlier versions as well.
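
A configuration audit can catch these entries before a management tool trips over them. The following is an added example, not part of the Cisco bug record: it assumes the running configuration has been saved as text, the function name `find_inverted_ranges` and the sample lines are constructed for illustration, and ranges given as named ports are skipped rather than resolved.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
access-list test permit tcp any any range 2000 1000
access-list test permit tcp any any range 1000 2000
access-list outside_in extended permit udp any range 5000 4000 host 192.0.2.10 range 100 200
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in remark legacy range 9000 8000 noted here
access-list dmz extended permit tcp any any range ftp 1024
"""

# "range <start> <end>" can appear for the source port, the destination port, or both.
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)")


def find_inverted_ranges(config_text):
    """Return (line_number, start, end, line) for each range whose start > end."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "access-list":
            continue
        if tokens[2] == "remark":
            continue  # free-text comment, not a rule
        for match in RANGE_RE.finditer(line):
            start, end = match.group(1), match.group(2)
            if not (start.isdigit() and end.isdigit()):
                continue  # named port (e.g. ftp): not resolved in this example
            if int(start) > int(end):
                findings.append((lineno, int(start), int(end), line))
    return findings


if __name__ == "__main__":
    for lineno, start, end, line in find_inverted_ranges(SAMPLE_CONFIG):
        print(f"line {lineno}: range {start} {end} has start > end: {line}")
```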