Preview Tool

Cisco Bug: CSCvh83145 - ASA interface IP and subnet mask changes to causing outage of services on interface

Last Modified

Sep 16, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.7(1) 9.8(1) 9.9(1)

Description (partial)

In a rare corner case the ASA changes one of its interfaces from a valid static IP address to

Previous IP configuration:
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address

When the problem is encountered:
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address

This has been detected to affect versions 9.7(1) and later.

To encounter this problem the following conditions must be met:
1) The ASA must be configured for Remote Access VPN using an external DHCP server to provide IP addresses to the remote clients
2) Packet loss must be experienced between the ASA and the DHCP server or the DHCP server needs to go offline during certain steps in the DHCP process/renewals

If the DHCP exchange encounters packet drops such that not all the responses arrive at the ASA the problem might be triggered.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.