Cisco Bug: CSCsz61074 - ASA should reject unuseable ip pool config
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: ASA will accept ip local pool config of "ip local pool xxxx 192.168.1.16 netmask 255.255.255.248" This config will not permit vpnclient connectivity. The correct config has an end address, viz:- "ip local pool xxxx 192.168.1.16-192.168.1.23 netmask 255.255.255.248" This DDTs is to prevent the invalid config from being accepted. Conditions: Primarily for ASA config deployed from CSM. Starting from CSM 3.2.2 SP1, acl 192.168.1.16/23 was deployed without end ip address. This DDTs is intended to make ASA more robust in rejecting the invalid config.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases