Guest

Preview Tool

Cisco Bug: CSCvs26402 - NAT policy configuration range limit to be imposed for non service cmds as well

Last Modified

Dec 10, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.13(1.3) 9.9(2)

Description (partial)

Symptom:
In certain cases, a policy deployment may timeout and fail when deploying to an FTD device.  Subsequent deployments may also fail due to FMC not successfully retrieving the running configuration from the device.

Conditions:
This can occur when attempting to deploy NAT policies that contain objects with a very large number of IP addresses even without service objects (TCP, UDP ports).  This usually occurs due to the use of range-based objects since each IP address in the range is treated as an individual host instead of a subnet object.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.