Guest

Preview Tool

Cisco Bug: CSCul60058 - Case sensitivity check missing for Web Type ACL and Access-group

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.3(2) 8.3(2.4) 8.4(5) 9.1(3) 9.1(3.2)

Description (partial)

Symptom:
The ASA case sensitivity does not work when it is configured with 'Extended' and 'Web type' ACLs and both the ACLs are configured with same name but with different 'case'.

As as example the extended ACL is configured with the name 'ABC' and the 'Web Type' ACL is configured with the name 'Abc' . 

access-list ABC extended permit ip any any
access-list Abc webtype permit tcp host 10.10.10.10 eq www

The ASA does not allow to configure the 'Extended' ACL on the interface and gives the following error message- 
 
ERROR: access-list <ABC> is webtype.  Only "extended" or
        "ethertype" acls can be attached to an interface.

The another symptom of the issue is that the command 'sh run access-list ABC' does not provide any outputs, where 'ABC' is the extended ACL. The 'sh access-list  ABC' and 'sh run access-list | in  ABC' provide the correct ACL details.

Conditions:
ASA is configured with 'Extended' and 'Web type' ACLs and both the ACLs are configured with same name but with different 'case'.

The 'Extended' ACL has to be applied on an ASA interface.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.