Guest

Preview Tool

Cisco Bug: CSCup07330 - ASA: no auth prompt when accessing internet website using ASA-CX

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(5)

Description (partial)

Symptom:
When a user launches a web browser  to access an encrypted/non-encrypted web site on the internet through  ASA-CX context filtering performing active authentication, no authentication prompt is received by the user resulting in a hung browser connection.

Conditions:
From left to right if the 3rd bit in the 2nd byte (3rd most significant bit in the 3rd hex nibble) of the mac address is set to one, the ASA will drop the SYN-ACK packet resulting in a failed TCP connection.  Since the user's browser never establishes a TCP connection with the CX  module, the user never receives an authentication prompt and this results in a hung browser connection.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.