Cisco Bug: CSCte44112 - " icmp-type" object groups can be erroneously used with the IPv6 ACL
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
None Symptom: "object-group icmp-type <name>" can be accidentally used in the IPv6 access-lists. The semantics of interpretation of the ICMP types in the object group are IPv4-only - and are different from the IPv6; so e.g. type "3" which is shown in the object group as "unreachable", when used in the IPv6 access-list will be treated as respective IPv6 ICMP type 3, being "time-exceeded". This can create a confusion and mistakes on the side of the operators. Conditions: Using icmp-type object groups in the IPv6 ACLs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases