Guest

Preview Tool

Cisco Bug: CSCup85529 - ASA Smart Call does not hide IPv6 addresses for ND

Last Modified

May 28, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(4)

Description (partial)

Symptom:
An ASA using SmartCallHome will send its configuration with IP address information removed. The IP address is removed from NAT, objects, interfaces, etc. The ASA doesn't remove IPv6 addresses using in the ND configuration on the interface. For example, see the below output from SmartCallHome:

interface Vlan2
 nameif inside
 security-level 100
 ip address <IP removed> <IP removed> 
 ipv6 address <IPv6 removed>/64
 ipv6 nd reachable-time 300000
 ipv6 nd ra-interval 10
 ipv6 nd ra-lifetime 300
 ipv6 nd prefix default 86400 43200
 ipv6 nd prefix 2001:db8:::/64 <=== This IPv6 address is not removed
 ipv6 nd managed-config-flag

Conditions:
This only affects IPv6 addresses configured under the interface used for the ND settings.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.