Cisco Bug: CSCur97335 - ASA devpkg only program partial functions in SG
Nov 08, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: When using the ASA device package with an APIC L4-L7 service graph, the problem appears if the user builds the following topology/traffic flow with a 3-node graph:

            C
            |
            C1
            \/
+--+     +----+
|NS|     |ASAv|
|N2|<-C2-| N1 |
|  |-C3->| N3 |
+--+     +----+
            |
            C4
            \/
            P

C -> N1 -> N2 -> N3 -> P

N1 and N3 are the same ASAv, with C2 and C3 mapped to the same CDev (shared interface).
N2 is Citrix; it is programmed correctly.

Here is how it is mapped in LDev:
outside (C1) -> N1 -> vpx-out (C2)
vpx-in (C3) -> N3 -> dmz (C4)

For CDev on the ASAv:
G0/0 - outside
G0/1 - dmz
G0/2 - vpx-out, vpx-in

Under debug.log in APIC, the [Configuration argument] is correct, but the POST request doesn't have N1's configuration. Only N3 exists.

Conditions: Using an APIC L4-L7 3-node graph to create 3x security zones.