Cisco Bug: CSCun41817 - Hash calculated for multiple ACEs on ASA are same
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.4(1) 9.0(1) 9.1(4)
Symptom: Hash calculation for multiples ACLs with Service object output the same hash. When Service Object followed by Source network object group, the hash input takes only the protocol and not the port for hash calculation. Due to this the hash for the multiple ACEs with different service object and same src network and dest network object group has same hash calculated. Conditions: If any ACE contain Service Object followed by the network obj-groups.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases