Cisco Bug: CSCvs26402 - NAT policy configuration range limit to be imposed for non service cmds as well
May 05, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
9.12(2.4) 9.13(1.3) 9.9(2) 9.9(2.200)
Symptom: In certain cases, a policy deployment may time out and fail when deploying to an FTD device. Subsequent deployments may also fail because FMC does not successfully retrieve the running configuration from the device.

Conditions: This can occur when attempting to deploy NAT policies that contain objects with a very large number of IP addresses, even without service objects (TCP, UDP ports). This usually occurs due to the use of range-based objects, since each IP address in the range is treated as an individual host instead of a subnet object.
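
To gauge exposure to the condition described above, the following added example (not Cisco's code, and not a workaround taken from the bug record) parses range-based `object network` entries from configuration text and reports how many individual hosts each range expands to, alongside the CIDR blocks covering the same addresses. The sample configuration and the review threshold are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in ASA "object network" syntax; names and addresses are made up.
SAMPLE_CONFIG = """\
object network BRANCH-RANGE
 range 10.20.0.1 10.23.255.254
object network DMZ-NET
 subnet 192.0.2.0 255.255.255.0
object network PRINTERS
 range 198.51.100.10 198.51.100.20
"""

# Hypothetical review threshold; the bug summary gives no numeric limit.
REVIEW_THRESHOLD = 1000


def audit_range_objects(config, threshold=REVIEW_THRESHOLD):
    """Return one report dict per range-based network object in config."""
    reports, name = [], None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"\s+range (\S+) (\S+)", line)
        if not (m and name):
            continue  # subnet/host objects are not expanded per address
        first = ipaddress.ip_address(m.group(1))
        last = ipaddress.ip_address(m.group(2))
        if first.version != last.version or first > last:
            reports.append({"name": name, "error": "invalid range"})
            continue
        # Each address in the range counts as an individual host.
        hosts = int(last) - int(first) + 1
        # Minimal set of CIDR blocks covering exactly the same addresses.
        cidrs = [str(n) for n in ipaddress.summarize_address_range(first, last)]
        reports.append({"name": name, "hosts": hosts, "cidrs": cidrs,
                        "review": hosts > threshold})
    return reports


if __name__ == "__main__":
    for r in audit_range_objects(SAMPLE_CONFIG):
        print(r["name"], r.get("hosts"), len(r.get("cidrs", [])), r.get("review"))
```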