Cisco Bug: CSCvi62203 - HA Config sync errors during reload

Last Modified

Mar 31, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.6(4.3) 9.8(2)

Description (partial)

Symptom:
When the HTTP server is first enabled on port 22 and SSH is enabled afterwards, the following error is returned (expected by design):

ciscoasa/act(config)#http server enable 22
ciscoasa/act(config)#http 0 0 ins
ciscoasa/act(config)# ssh 0 0 ins
ERROR: Unable to configure service on port 22, on interface 'ins'. This port is currently in use by another feature
Usage: [no] ssh {<local_ip>|<hostname>} <mask> <if_name>
        [no] ssh cipher encryption { <level> | custom <encryption-alg> }
        [no] ssh cipher integrity { <level> | custom <integrity-alg> }
        [no] ssh key-exchange group {dh-group1-sha1 | dh-group14-sha1}
        [no] ssh pubkey-chain
        [no] ssh scopy enable
        [no] ssh strickhostkeycheck
        [no] ssh timeout <number>
        show ssh [sessions [<client_ip>]]
        show ssh ciphers
        ssh disconnect <session_id>
        show running-config [all] ssh
        clear configure ssh

Conversely, if the order in which the configuration is entered is reversed, i.e. SSH is already configured and the HTTP server is then enabled on port 22, the configuration is accepted without any error. This should not be the case, because the same port being used by two different services causes conflicts.

ciscoasa/act(config)# ssh 0 0 ins
ciscoasa/act(config)# http server enable 22
ciscoasa/act(config)# http 0 0 ins

In the above case, when the devices in HA are reloaded, the commands could be executed in the first order, causing a config sync error.

Conditions:
Multiple services using the same TCP port. In this case, SSH.
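
An audit check for the condition described above, as an added example that is not part of the Cisco bug text: it scans a saved configuration for interfaces where both SSH and the HTTP server are permitted while the HTTP server is enabled on the SSH port. The function name, the sample configurations, and the port constants (SSH on TCP/22, HTTP server defaulting to 443) are assumptions of this example.

```python
import re

SSH_PORT = 22            # assumption: the ASA SSH listener is TCP/22
HTTP_DEFAULT_PORT = 443  # assumption: port when "http server enable" has no argument

# "ssh <ip> <mask> <if_name>" / "http <ip> <mask> <if_name>"; the numeric mask
# field keeps lines such as "ssh timeout 5" or "ssh cipher ..." from matching.
ACCESS_RE = re.compile(r"^(ssh|http)\s+\S+\s+[\d.]+\s+(\S+)$")
HTTP_ENABLE_RE = re.compile(r"^http server enable(?:\s+(\d+))?$")


def find_port_conflicts(config_text):
    """Return interfaces where SSH and the HTTP server listen on the same TCP port."""
    http_port = None
    ifaces = {"ssh": set(), "http": set()}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HTTP_ENABLE_RE.match(line)
        if m:
            http_port = int(m.group(1)) if m.group(1) else HTTP_DEFAULT_PORT
            continue
        m = ACCESS_RE.match(line)
        if m:
            ifaces[m.group(1)].add(m.group(2))
    # Line order is ignored on purpose: a saved configuration that was accepted
    # in one order may be replayed in the other during reload or sync.
    if http_port != SSH_PORT:
        return []
    return sorted(ifaces["ssh"] & ifaces["http"])


# Constructed running-config excerpts (not taken from a real device).
CONFLICT = """\
ssh 0.0.0.0 0.0.0.0 ins
ssh timeout 5
http server enable 22
http 0.0.0.0 0.0.0.0 ins
"""
CLEAN = """\
http server enable
http 0.0.0.0 0.0.0.0 ins
ssh 0.0.0.0 0.0.0.0 ins
"""

if __name__ == "__main__":
    print(find_port_conflicts(CONFLICT))
    print(find_port_conflicts(CLEAN))
```

Running it against the configuration of both HA units before a planned reload shows whether the saved configuration contains the combination that the CLI would reject in the other order.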