Guest

Preview Tool

Cisco Bug: CSCuo73544 - ASA: CPU hog when configuring overlapping NAT rules

Last Modified

Nov 13, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(4.5)

Description (partial)

Symptom:
When configuring overlapping NAT rules, a CPU hog may be seen that lasts for several hundred milliseconds. This will be visible in the output of 'show proccess cpu-hog', as well as a syslog (%ASA-4-711004):

%ASA-4-711004: Task ran for 384 msec, Process = accept/http, PC = 42b6a0, Call stack =   0x000000000042b6a0  0x000000000128b205  0x000000000128b509  0x000000000128d7fd  0x00000000012947ad  0x0000000001296fc8  0x0000000001287662  0x0000000001279d9c  0x000000000127e43d  0x000000000113c121  0x00000000010fe532  0x00000000010ffc95  0x00000000004ba5c8  0x00000000004bad9c

Conditions:
This issue only occurs when configuring overlapping NAT rules.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.