Cisco Bug: CSCun86984 - ASA 5505 u-turned/hairpinned conn counts toward license local-host limit

Last Modified

Nov 27, 2020

Products (2)

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

8.4(1)

Description (partial)

Symptom:
An ASA 5505 counts hairpinned/u-turned traffic on an inside interface against the licensed local-host limit:

%ASA-4-450001: Deny traffic for protocol 6 src inside:10.1.110.10/52249 dst inside:192.168.1.100/23, licensed host limit of 10 exceeded.

Connections should only be counted against the host limit if they use the outside/Internet interface where a default route is configured.

Conditions:
This only affects traffic hairpinned on an inside interface for ASAs with a base license. Hairpinned traffic on the outside interface is not affected.
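A triage check for the symptom above, as an added example that is not Cisco's code: it parses 450001 messages in the format quoted under Symptom and separates denies where source and destination share a non-Internet interface (the hairpin case this bug describes) from other host-limit denies. The Internet-facing interface name `outside` and all sample lines except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field layout follows the %ASA-4-450001 message quoted in the Symptom section.
MSG_450001 = re.compile(
    r"%ASA-4-450001: Deny traffic for protocol (?P<proto>\d+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+), "
    r"licensed host limit of (?P<limit>\d+) exceeded"
)

def classify(line, internet_ifaces=frozenset({"outside"})):
    """Return (verdict, fields) for a 450001 line, or None for anything else.

    internet_ifaces is an assumption: interface names are set per device,
    so pass the name(s) of the interface(s) that carry the default route.
    """
    m = MSG_450001.search(line)
    if not m:
        return None
    f = m.groupdict()
    # Same ingress and egress interface means the connection was hairpinned.
    if f["src_if"] == f["dst_if"] and f["src_if"] not in internet_ifaces:
        return "hairpin-inside", f   # matches the symptom of this bug
    return "other", f                # Internet-bound deny or outside hairpin

def hairpin_sources(lines):
    """Count hairpin-inside denies per (interface, source IP)."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result and result[0] == "hairpin-inside":
            hits[(result[1]["src_if"], result[1]["src_ip"])] += 1
    return hits

# First line is the message from this page; the rest are constructed samples.
SAMPLE = [
    "%ASA-4-450001: Deny traffic for protocol 6 src inside:10.1.110.10/52249 dst inside:192.168.1.100/23, licensed host limit of 10 exceeded.",
    "%ASA-4-450001: Deny traffic for protocol 6 src inside:10.1.110.10/52250 dst inside:192.168.1.100/22, licensed host limit of 10 exceeded.",
    "%ASA-4-450001: Deny traffic for protocol 6 src inside:10.1.110.11/40000 dst outside:203.0.113.5/443, licensed host limit of 10 exceeded.",
    "%ASA-4-450001: Deny traffic for protocol 6 src outside:198.51.100.7/50000 dst outside:203.0.113.9/80, licensed host limit of 10 exceeded.",
    "constructed unrelated syslog line",
]

if __name__ == "__main__":
    for (iface, ip), n in hairpin_sources(SAMPLE).items():
        print(f"{iface}:{ip} hairpin denies: {n}")
```
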