Cisco Bug: CSCun13225 - FWSM DOC - ACL-Enabled Inspection Limitation

Last Modified

Mar 17, 2014

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases


Description (partial)

Configuring inspection with an ACL can cause unexpected ACL memory exhaustion,
even while the node has plenty of free ACL nodes. The node might not fully recover
from the error, and some nameif entries might be gone from the running configuration and hardware.

Note: The value of "n" needed to hit the issue is unpredictable.

access-list ACL extended permit tcp any <S1> <M1> eq sunrpc
..<n x ACE>
access-list ACL extended permit tcp any <Sn> <Mn> eq sunrpc

service-policy GLOBAL_POLICY global

policy-map GLOBAL_POLICY
  class SUNRPC_CLASS
    inspect sunrpc
class-map SUNRPC_CLASS
  match access-list ACL

Inspection with ACL.