Cisco Bug: CSCuj44998 - ASA drops inbound traffic from AnyConnect Clients
Apr 30, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.4(5.5) 9.0(2.1) 9.0(3.4) 9.1(2.103) 9.1(3) 9.1(3.250)
Symptom: Inbound traffic from the AC client to the ASA's protected networks is dropped, while the outbound traffic to the AC client works fine.
Conditions: The ASA has a site-to-site VPN configured with any one of the following conditions:
- The remote network (in the encryption domain) overlaps with the AnyConnect pool assigned to the AC clients.
- The crypto ACL has a deny rule for the AnyConnect pool assigned to the AC clients.
- Any crypto ACL has an explicit 'deny ip any any' as an access-list entry.
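An added example (not Cisco's code and not part of the bug report): a Python check that scans an ASA running configuration for the three conditions listed above. The pool, ACL and crypto map names and addresses in the sample are constructed. Reading "a deny rule for the AnyConnect pool" as a deny entry whose source or destination overlaps the pool is an assumption, and `object`/`object-group` references are reported rather than resolved.

```python
import ipaddress
import re
ANY = ipaddress.ip_network("0.0.0.0/0")

def take_addr(tok):
    """Pop one address spec (any | host A | A MASK) off the token list."""
    head = tok.pop(0)
    if head in ("any", "any4"):
        return ANY
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}", strict=False)

def audit(config):
    """Return (acl, condition) pairs for crypto ACL entries matching the bug's conditions."""
    pools, crypto_acls, findings = [], set(), []
    for l in config.splitlines():
        if m := re.match(r"ip local pool \S+ (\S+)-(\S+)", l):
            pools += ipaddress.summarize_address_range(*map(ipaddress.ip_address, m.groups()))
        elif m := re.match(r"crypto map \S+ \d+ match address (\S+)", l):
            crypto_acls.add(m.group(1))
    hits_pool = lambda net: any(net.overlaps(p) for p in pools)
    for l in config.splitlines():
        m = re.match(r"access-list (\S+) extended (permit|deny) ip (.+)", l)
        if not m or m.group(1) not in crypto_acls:
            continue  # only ACLs referenced by a crypto map are relevant
        name, action, tok = m.group(1), m.group(2), m.group(3).split()
        try:
            src, dst = take_addr(tok), take_addr(tok)
        except (ValueError, IndexError):  # object/object-group: not resolved here
            findings.append((name, "unresolved-object"))
            continue
        if action == "deny" and src == ANY and dst == ANY:
            findings.append((name, "deny-any-any"))
        elif action == "deny" and (hits_pool(src) or hits_pool(dst)):
            findings.append((name, "deny-for-pool"))
        elif action == "permit" and hits_pool(dst):  # dst is the remote network
            findings.append((name, "remote-overlaps-pool"))
    return findings

# Constructed sample configuration (names and addresses are made up).
SAMPLE = """\
ip local pool AC_POOL 10.10.50.1-10.10.50.254 mask 255.255.255.0
access-list L2L_A extended permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list L2L_B extended deny ip 10.10.50.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list L2L_B extended deny ip any any
crypto map OUTSIDE_MAP 10 match address L2L_A
crypto map OUTSIDE_MAP 20 match address L2L_B
"""
```

Calling `audit()` on the text of `show running-config` returns one pair per matching crypto ACL entry; an empty list means none of the three conditions was found in the entries it could parse.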