Guest

Preview Tool

Cisco Bug: CSCus64082 - ASA fails to sync objects with name ANY after upgrade from 8.4 to 9.x

Last Modified

Jun 01, 2017

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(2) 9.1(5)

Description (partial)

Symptom:
Standby ASA fails to sync objects with name ANY used in ACE after the zero downtime upgrade from 8.4.x/8.6.x to 9.x.

The below errors are seen on the console during the configuration replication:
ERROR: specified object <any4> does not exist
ERROR: object () does not exist.

Due to missing configuration the standby ASA may enter into a boot loop.

Conditions:
ASA configured with object name ANY and that object is used in an access-list.

object network ANY 
   subnet 0.0.0.0 0.0.0.0

access-list outside-in extended permit tcp object ANY host <ip-addr>
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.