Cisco Bug: CSCur24059 - Control Plane ACL Not Working for Redirected HTTP Traffic

Last Modified

Apr 16, 2020

Products (1)

Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.0(4)

Description (partial)

Symptom:
For HTTP traffic redirected by the  'aaa authentication listener http inside port (x) redirect' command, port (x) is not blocked when control-plane ACL is applied.

Conditions:
access-list TEST extended deny tcp any any eq 900 
access-list MATCH extended permit tcp any any eq www 
!
access-group TEST in interface inside control-plane
!
aaa authentication match MATCH inside LOCAL
aaa authentication listener http inside port 900 redirect

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts