Cisco Bug: CSCuj44998 - ASA drops inbound traffic from AnyConnect Clients

Last Modified

May 25, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(5.5) 9.0(2.1) 9.0(3.4) 9.1(2.103) 9.1(3) 9.1(3.250)

Description (partial)

Symptom:
Inbound traffic from the AC client to the ASA's protected networks is dropped while the outbound traffic to the AC client works fine.

Conditions:
The ASA has a site-to-site VPN configured and any one of the following conditions applies:

  • The remote network (in the encryption domain) overlaps with the AnyConnect pool assigned to the AC clients.
  • The crypto ACL has a deny rule for the AnyConnect pool assigned to the AC clients.
  • Any crypto ACL has an explicit 'deny ip any any' as an access-list entry.
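
The three conditions listed above can be checked offline against a saved configuration. The Python script below is an added example, not Cisco code: it assumes crypto ACL entries use literal address/mask, `host` or `any` forms (no object-groups), and the sample configuration with all its names and addresses is constructed.

```python
import ipaddress
import re
# Constructed sample configuration; names and addresses are illustrative.
SAMPLE_CONFIG = """\
ip local pool AC_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
access-list L2L_A extended permit ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list L2L_B extended deny ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list L2L_C extended deny ip any any
access-list OUTSIDE_IN extended deny ip any any
crypto map OUTSIDE_MAP 10 match address L2L_A
crypto map OUTSIDE_MAP 20 match address L2L_B
crypto map OUTSIDE_MAP 30 match address L2L_C
"""
POOL_RE = re.compile(r"^ip local pool \S+ (\S+)-(\S+)(?: mask \S+)?$")
ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) ip (.+)$")
MAP_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")

def parse_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'NET MASK') from a token list."""
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def audit(config):
    """Return (acl_name, reason) for each crypto ACL entry matching a listed condition."""
    pools, aces, crypto_acls, findings = [], [], set(), []
    for line in map(str.strip, config.splitlines()):
        if m := POOL_RE.match(line):
            first, last = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
            pools += ipaddress.summarize_address_range(first, last)
        elif m := ACE_RE.match(line):
            src, rest = parse_addr(m[3].split())
            dst, _ = parse_addr(rest)
            aces.append((m[1], m[2], src, dst))
        elif m := MAP_RE.match(line):
            crypto_acls.add(m[1])
    for name, action, src, dst in aces:
        hits_pool = any(dst.overlaps(p) for p in pools)
        if name not in crypto_acls:
            continue  # only ACLs referenced by a crypto map are relevant
        if action == "deny" and src.prefixlen == dst.prefixlen == 0:
            findings.append((name, "explicit deny ip any any"))
        elif action == "deny" and hits_pool:
            findings.append((name, "deny rule covering the AnyConnect pool"))
        elif action == "permit" and hits_pool:
            findings.append((name, "remote network overlaps the AnyConnect pool"))
    return findings
```

A finding only shows that the configuration meets one of the listed conditions; whether the device is exposed also depends on it running one of the known affected releases.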