Cisco Bug: CSCvs85196 - ASA SIP connections drop after several consecutive failovers: pinhole timeout/closed by inspection

Last Modified

Sep 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.6(4.17) 9.8(3.14) 9.8(4.8)

Description (partial)

After several consecutive failover events, the ASA drops some connections (up to 40% in some incidents).

The following is visible in the logs:
- after failover, some pinholes related to the affected connections may be closed;
- the connection still exists when the firewall receives the SIP Register message;
- the connection is closed by inspection upon receiving the SIP Register message;
- further packets belonging to this connection are dropped due to lack of connection ('Deny TCP (no connection)' in logs, 'First TCP packet not SYN' in ASP drops).

Several consecutive failover events happening in short intervals (~5 minutes).