Cisco Bug: CSCul60058 - Case sensitivity check missing for Web Type ACL and Access-group
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.3(2) 8.3(2.4) 8.4(5) 9.1(3) 9.1(3.2)
Symptom: The ASA case sensitivity does not work when it is configured with 'Extended' and 'Web type' ACLs and both the ACLs are configured with same name but with different 'case'. As as example the extended ACL is configured with the name 'ABC' and the 'Web Type' ACL is configured with the name 'Abc' . access-list ABC extended permit ip any any access-list Abc webtype permit tcp host 10.10.10.10 eq www The ASA does not allow to configure the 'Extended' ACL on the interface and gives the following error message- ERROR: access-list <ABC> is webtype. Only "extended" or "ethertype" acls can be attached to an interface. The another symptom of the issue is that the command 'sh run access-list ABC' does not provide any outputs, where 'ABC' is the extended ACL. The 'sh access-list ABC' and 'sh run access-list | in ABC' provide the correct ACL details. Conditions: ASA is configured with 'Extended' and 'Web type' ACLs and both the ACLs are configured with same name but with different 'case'. The 'Extended' ACL has to be applied on an ASA interface.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases