Preview Tool

Cisco Bug: CSCsz11835 - ASA intermittently drops traffic for authenticated users w/auth-proxy

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

In a rare corner case, if the ASA is configured for authentication-proxy, users behind that ASA might fail to pass traffic through the firewall that is subjected to authentication. At the time of the failure, the user shows as authenticated, so that traffic should be allowed by the firewall, however it is dropped.

The following conditions must be met to be affected by this problem:
1) Authentication proxy feature must be configured on the firewall. 
2) Both of the config lines for 'virtual http' and 'virtual telnet' must be present in the configuration, and both must specify the same ip address.

Here is an example of a configuration that would be affected by this problem:
'virtual http'
'virtual telnet'
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.