Preview Tool

Cisco Bug: CSCte44112 - " icmp-type" object groups can be erroneously used with the IPv6 ACL

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)


"object-group icmp-type <name>" can be accidentally used in the IPv6 access-lists. The
semantics of interpretation of the ICMP types in the object group are IPv4-only - and are different
from the IPv6; so e.g. type "3" which is shown in the object group as "unreachable", when used in
the IPv6 access-list will be treated as respective IPv6 ICMP type 3, being "time-exceeded".

This can create a confusion and mistakes on the side of the operators.


Using icmp-type object groups in the IPv6 ACLs.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.