Cisco Bug: CSCte35569 - DOC BUG: ASA configuration guide: Policy Static Nat guide is misleading
Nov 08, 2016
- Cisco ASA 5500-X Series Firewalls
- Cisco ASA 5580 Adaptive Security Appliance
Known Affected Releases
Symptom: In the ASA configuration guide under the Policy Static Nat section (figure 19-11) it states: Figure 19-11 shows a remote host connecting to a translated host. The translated host has a policy static NAT translation that translates the real address only for traffic to and from the 209.165.201.xxx/27 network. A translation does not exist for the 209.165.200.xxx/27 network, so the translated host cannot connect to that network, nor can a host on that network connect to the translated host. Because of bug/feature request: CSCso79009 this is incorrect and we do NOT prevent the traffic because of non existent translation. The translation does NOT check the destination in the access-list for the Policy NAT, and hence does create the translation, and the traffic is allowed. Conditions: Configuration guides for ASA.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases