Cisco Bug: CSCsz11835 - ASA intermittently drops traffic for authenticated users w/auth-proxy
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: In a rare corner case, if the ASA is configured for authentication-proxy, users behind that ASA might fail to pass traffic through the firewall that is subjected to authentication. At the time of the failure, the user shows as authenticated, so that traffic should be allowed by the firewall, however it is dropped. Conditions: The following conditions must be met to be affected by this problem: 1) Authentication proxy feature must be configured on the firewall. 2) Both of the config lines for 'virtual http' and 'virtual telnet' must be present in the configuration, and both must specify the same ip address. Here is an example of a configuration that would be affected by this problem: 'virtual http 10.88.88.50' 'virtual telnet 10.88.88.50'
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases