Cisco Bug: CSCvh83145 - ASA interface IP and subnet mask changes to 0.0.0.0 0.0.0.0 causing outage of services on interface
Jul 26, 2019
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
9.7(1) 9.8(1) 9.9(1)
Symptom: In a rare corner case the ASA changes one of its interfaces from a valid static IP address to 0.0.0.0 0.0.0.0. Example: Previous IP configuration: interface GigabitEthernet0/0 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 When the problem is encountered: interface GigabitEthernet0/0 nameif inside security-level 100 ip address 0.0.0.0 0.0.0.0 Conditions: This has been detected to affect versions 9.7(1) and later. To encounter this problem the following conditions must be met: 1) The ASA must be configured for Remote Access VPN using an external DHCP server to provide IP addresses to the remote clients 2) Packet loss must be experienced between the ASA and the DHCP server or the DHCP server needs to go offline during certain steps in the DHCP process/renewals If the DHCP exchange encounters packet drops such that not all the responses arrive at the ASA the problem might be triggered.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases