Preview Tool

Cisco Bug: CSCun41817 - Hash calculated for multiple ACEs on ASA are same

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(1) 9.0(1) 9.1(4)

Description (partial)

Hash calculation for multiples ACLs with Service object output the same hash. 
When Service Object followed by Source network object group, the hash input takes only the protocol and not the port for hash calculation. Due to this the hash for the multiple ACEs with different service object and same src network and dest network object group has same hash calculated.

If any ACE contain Service Object followed by the network obj-groups.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.