Cisco Bug: CSCvs26402 - NAT policy configuration range limit to be imposed for non service cmds as well

Last Modified

May 05, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(2.4) 9.13(1.3) 9.9(2) 9.9(2.200)

Description (partial)

In certain cases, a policy deployment to an FTD device may time out and fail. Subsequent deployments may also fail because the FMC cannot retrieve the running configuration from the device.

This can occur when deploying NAT policies that contain objects with a very large number of IP addresses, even when no service objects (TCP, UDP ports) are involved. It usually results from the use of range-based objects, since each IP address in a range is treated as an individual host rather than as part of a subnet object.
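
An added example (not part of Cisco's bug record): a short audit that, for each range-based object, counts how many individual hosts the range expands to and lists the CIDR blocks that cover the same addresses. The object names, addresses, the `start-end` text format and the 1024-host threshold are assumptions made for illustration, not values from the bug.

```python
import ipaddress

# Constructed sample of range-based network objects (name -> "start-end").
# Names and addresses are illustrative only.
SAMPLE_OBJECTS = {
    "branch-hosts": "10.20.0.0-10.20.255.255",
    "dmz-pool": "192.0.2.10-192.0.2.20",
    "lab-range": "10.30.0.5-10.30.3.250",
}


def audit_range(spec):
    """Return (host_count, cidr_blocks) for an IPv4 'start-end' range."""
    start_s, end_s = (part.strip() for part in spec.split("-", 1))
    start = ipaddress.IPv4Address(start_s)
    end = ipaddress.IPv4Address(end_s)
    if end < start:
        raise ValueError(f"range end precedes start: {spec}")
    # Number of addresses if every IP in the range is handled as a host.
    host_count = int(end) - int(start) + 1
    # Smallest set of subnets covering exactly the same addresses.
    blocks = list(ipaddress.summarize_address_range(start, end))
    return host_count, blocks


def flag_large_ranges(objects, threshold=1024):
    """List objects whose per-host expansion exceeds `threshold`.

    `threshold` is a hypothetical review cutoff, not a documented limit.
    """
    flagged = []
    for name, spec in objects.items():
        host_count, blocks = audit_range(spec)
        if host_count > threshold:
            flagged.append((name, host_count, [str(b) for b in blocks]))
    return flagged


if __name__ == "__main__":
    for name, spec in SAMPLE_OBJECTS.items():
        hosts, blocks = audit_range(spec)
        print(f"{name}: {hosts} hosts as a range, {len(blocks)} subnet(s)")
    print("review before deployment:", flag_large_ranges(SAMPLE_OBJECTS))
```
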