Cisco Bug: CSCuj44998 - ASA drops inbound traffic from AnyConnect Clients

Last Modified

May 25, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(5.5) 9.0(2.1) 9.0(3.4) 9.1(2.103) 9.1(3) 9.1(3.250)

Description (partial)

Inbound traffic from the AnyConnect (AC) client to the ASA's protected networks is dropped, while outbound traffic to the AC client works fine.

The ASA has a site-to-site VPN configured, and any one of the following conditions applies:

  • The remote network (in the encryption domain) overlaps with the AnyConnect pool assigned to the AC clients.
  • The crypto ACL has a deny rule for the AnyConnect pool assigned to the AC clients.
  • Any crypto ACL has an explicit 'deny ip any any' as an access-list entry.