Preview Tool

Cisco Bug: CSCsz61074 - ASA should reject unuseable ip pool config

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)


ASA will accept ip local pool config of

"ip local pool xxxx netmask"

This config will not permit vpnclient connectivity. The correct config has an end address, viz:-

"ip local pool xxxx netmask"

This DDTs is to prevent the invalid config from being accepted.

Primarily for ASA config deployed from CSM. Starting from CSM 3.2.2 SP1, acl was deployed without end ip address. This DDTs is intended to make ASA more robust in rejecting the invalid config.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.