Cisco Bug: CSCsz61074 - ASA should reject unusable ip pool config

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(4.31)

Description (partial)

Symptom:

The ASA accepts an ip local pool config that has no end address:

"ip local pool xxxx 192.168.1.16 netmask 255.255.255.248"

This config will not permit vpnclient connectivity. The correct config has an end address, namely:

"ip local pool xxxx 192.168.1.16-192.168.1.23 netmask 255.255.255.248"

This DDTS is to prevent the invalid config from being accepted.

Conditions:

Primarily for ASA config deployed from CSM. Starting from CSM 3.2.2 SP1, acl 192.168.1.16/23 was deployed without an end IP address. This DDTS is intended to make the ASA more robust in rejecting the invalid config.
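Until a release that rejects the line is deployed, the same check can be run against a saved or CSM-generated config before it is pushed. The script below is an added example, not Cisco code: it flags any ip local pool line with no end address and, going slightly beyond the bug, any reversed range. The function name, the pool names yyyy and zzzz, and accepting the keyword mask as well as the netmask shown above are assumptions.

```python
import ipaddress
import re

# Matches "ip local pool NAME START[-END] [mask|netmask MASK]".
# Accepting "mask" in addition to the "netmask" quoted in the bug is an assumption.
POOL_RE = re.compile(
    r'^\s*ip local pool (?P<name>\S+) (?P<start>[\d.]+)(?:-(?P<end>[\d.]+))?'
    r'(?: (?:net)?mask (?P<mask>[\d.]+))?\s*$'
)

def audit_pools(config_text):
    """Return (line_number, pool_name, problem) for each suspect pool line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if not line.strip().startswith("ip local pool "):
            continue
        m = POOL_RE.match(line)
        if m is None:
            findings.append((lineno, None, "unparseable ip local pool line"))
            continue
        name = m["name"]
        try:
            start = ipaddress.IPv4Address(m["start"])
            end = ipaddress.IPv4Address(m["end"]) if m["end"] else None
        except ipaddress.AddressValueError:
            findings.append((lineno, name, "invalid IPv4 address"))
            continue
        if end is None:
            # The case described in the bug: accepted by the ASA, unusable for VPN clients.
            findings.append((lineno, name, "no end address"))
        elif end < start:
            findings.append((lineno, name, "end address precedes start address"))
    return findings

# Constructed sample: the two lines quoted in the bug, plus a reversed range.
SAMPLE = """\
hostname asa-lab
ip local pool xxxx 192.168.1.16 netmask 255.255.255.248
ip local pool yyyy 192.168.1.16-192.168.1.23 netmask 255.255.255.248
ip local pool zzzz 192.168.1.23-192.168.1.16 mask 255.255.255.248
"""

if __name__ == "__main__":
    for lineno, name, problem in audit_pools(SAMPLE):
        print(f"line {lineno}: pool {name}: {problem}")
```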