Cisco Bug: CSCuq41737 - Shared nested class-map applied to zone-pair will affect other zonepairs

Last Modified

Nov 27, 2020

Products (9)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 7206 Router
  • Cisco 7301 Router
  • Cisco 7206VXR Router
  • Cisco 7204 Router
  • Cisco 7202 Router
  • Cisco 7200 Series NPE-G2 Network Processing Engine
  • Cisco 7201 Router
  • Cisco 7204VXR Router

Known Affected Releases


Description (partial)

When a class-map is changed for a particular zone-pair, other zone-pairs are also affected by the change. For example, class-map PROTOCOLS is nested into 3 different class-maps, which are applied to different policy-maps.

class-map type inspect match-all IN-TO-OUT
   match access-group name IN-TO-OUT-ACL
   match class-map PROTOCOLS
class-map type inspect match-all OUT-TO-IN
   match access-group name OUT-TO-IN-ACL
   match class-map PROTOCOLS 
class-map type inspect match-all DMZ-TO-IN
   match class-map PROTOCOLS
   match access-group name DMZ-TO-IN-ACL

If class-map PROTOCOLS is removed from or modified in one of the zone class-maps, traffic in the other zones that use the nested class-map PROTOCOLS is also affected.

ZBF firewall with Shared Nested class-map applied to different zone-pairs
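To find where a configuration has this shared nesting, the following added example (not Cisco's code and not part of the bug record) walks a saved configuration and lists each nested class-map that is reachable from more than one zone-pair. The policy-map and zone-pair names in the sample are hypothetical, and only one level of nesting is followed, as in the description above.

```python
from collections import defaultdict

# Constructed sample: class-maps from the bug description; policy-map/zone-pair names are hypothetical.
SAMPLE_CONFIG = """\
class-map type inspect match-all IN-TO-OUT
 match access-group name IN-TO-OUT-ACL
 match class-map PROTOCOLS
class-map type inspect match-all OUT-TO-IN
 match access-group name OUT-TO-IN-ACL
 match class-map PROTOCOLS
class-map type inspect match-all DMZ-TO-IN
 match class-map PROTOCOLS
 match access-group name DMZ-TO-IN-ACL
policy-map type inspect PM-IN-OUT
 class type inspect IN-TO-OUT
policy-map type inspect PM-OUT-IN
 class type inspect OUT-TO-IN
policy-map type inspect PM-DMZ-IN
 class type inspect DMZ-TO-IN
zone-pair security ZP-IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
zone-pair security ZP-OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-IN
zone-pair security ZP-DMZ-IN source DMZ destination INSIDE
 service-policy type inspect PM-DMZ-IN
"""

def shared_nested_class_maps(config):
    """Return {nested class-map: [zone-pairs]} for class-maps reached by 2+ zone-pairs."""
    nested = defaultdict(set)   # parent class-map -> class-maps nested in it
    classes = defaultdict(set)  # policy-map -> class-maps it references
    pairs = {}                  # zone-pair -> attached inspect policy-map
    kind = name = None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line[0].isspace():  # an unindented line opens a new section
            kind, name = w[0], (w[2] if w[0] == "zone-pair" and len(w) > 2 else w[-1])
        elif kind == "class-map" and len(w) == 3 and w[:2] == ["match", "class-map"]:
            nested[name].add(w[2])
        elif kind == "policy-map" and len(w) == 4 and w[:3] == ["class", "type", "inspect"]:
            classes[name].add(w[3])
        elif kind == "zone-pair" and len(w) == 4 and w[:3] == ["service-policy", "type", "inspect"]:
            pairs[name] = w[3]
    reach = defaultdict(set)    # nested class-map -> zone-pairs whose policy reaches it
    for zone_pair, policy in pairs.items():
        for parent in classes[policy]:
            for child in nested[parent]:
                reach[child].add(zone_pair)
    return {child: sorted(zps) for child, zps in reach.items() if len(zps) > 1}
```

Any class-map this returns is one where an edit made for a single zone-pair should be followed by re-testing traffic on every other zone-pair listed.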