Preview Tool

Cisco Bug: CSCul00697 - ASA drops traffic in fail-close mode during SSM config change

Last Modified

Jul 21, 2016

Products (17)

  • Cisco IPS 4200 Series Sensors
  • Cisco IPS 4255 Sensor
  • Cisco ASA 5555-X IPS Security Services Processor
  • Cisco IPS 4260 Sensor
  • Cisco IPS 4345 Sensor
  • Cisco IPS 4270-20 Sensor
  • Cisco IPS 4510 Sensor
  • Cisco ASA 5525-X IPS Security Services Processor
  • Cisco ASA 5545-X IPS Security Services Processor
  • Cisco IPS 4240 Sensor
View all products in Bug Search Tool Login Required

Known Affected Releases


Description (partial)

ASA drops traffic during an SSM config change.  The ASA logs will show:

... Application reloading "IPS", version "x.x.x" Config Change ...

<followed by>

... IPS card not up and fail-close mode used, dropping TCP packet from ...

The ASA has fail-close set and then during a Global Correlation or Signature update, or a signature tuning on an SSM running 7.1.x, the ASA will drop packets.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.