Preview Tool

Cisco Bug: CSCuw32125 - ASA stacktrace in vpn client disconnect that had dACL applied

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

On the console of an ASA, the following stacktrace is seen.

Aug 12 14:54:50 %ASA-0-711001: -Traceback: 000000000042A63E 0000000001187B31 00000000011A7195 00000000011A75B3 00000000011AFBDD 00000000011B1738 0000000000531469 0000000000532D1E 0000000000540F86 0000000000531F1F 00000000004286D5

It decodes to the following:

   Image Type:  asa
   Executable:  smp
   Symbol File: smp.sort
   000000000042A63E <process_suspend+302 at finesse/thread.c:1329>
   0000000001187B31 <clear_extended_acl_nolock+1393 at pix/../datastruct/dlist.h:284>
   00000000011A7195 <clear_acl+405 at pix/access_list.c:8719>
   00000000011A75B3 <acl_destroy_dyn_yes_no_standby+195 at pix/access_list.c:1932>
   00000000011AFBDD <free_user_xlate_pix+925 at pix/uxlate.c:673>
   00000000011B1738 <vpn_remove_uauth+264 at pix/pix_uauth.c:353>
   0000000000531469 <ctm_ipsec_free_sa+5049 at ctm/ctm_ipsec.c:8104>
   0000000000532D1E <ctm_ipsec_destroy_sa+446 at ctm/ctm_ipsec.c:3123>
   0000000000540F86 <ctm_ipsec_pfkey_parse_msg+1766 at ctm/ctm_ipsec_pfkey.c:799>
   0000000000531F1F <ctm_ipsec_handler+1567 at ctm/ctm_ipsec.c:4377>
   00000000004286D5 <t_start+101 at finesse/thread.c:310>

The stack trace decode suggest that it occurs when a client disconnects that had a dACL applied.

ASA 5580-40 running version asa904-17-smp-k8
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.