Cisco Bug: CSCvt77451 - ASA log/syslog message should mention reason for deny when same-security-interface is not present.
Apr 15, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom:
Apr2020 08:24:03: %ASA-2-106001: Inbound TCP connection denied from x.x.x.x/36079 to x.x.x.x/6379 flags SYN on interface Test
According to the ASA routing table, both IP addresses are reached through the same interface, the Test interface, so the ingress and the egress interface are the same. On the ASA, we do not see a log that clearly states that the traffic is denied due to the absence of "same-security-traffic permit intra-interface". The ASA should state this clearly in its logs for both same-security-traffic inter-interface and intra-interface.
Conditions: Hairpinning traffic.
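A triage check for the case described above, as an added example (not Cisco's code): it parses 106001 denies and uses a longest-prefix match against a routing table to flag those whose destination routes back out the ingress interface. The routing table, addresses and function names are constructed for illustration; documentation ranges stand in for the redacted x.x.x.x values.

```python
import ipaddress
import re

# Constructed sample data (assumption): (prefix, egress interface) pairs as they
# would be transcribed from the firewall's routing table.
ROUTES = [
    ("198.51.100.0/24", "Test"),
    ("203.0.113.0/24", "Test"),
    ("0.0.0.0/0", "outside"),
]
# Constructed log lines in the 106001 format shown in the symptom.
LOG_LINES = [
    "%ASA-2-106001: Inbound TCP connection denied from 198.51.100.10/36079 "
    "to 203.0.113.20/6379 flags SYN on interface Test",
    "%ASA-2-106001: Inbound TCP connection denied from 198.51.100.10/40000 "
    "to 192.0.2.5/443 flags SYN on interface Test",
]

DENY_RE = re.compile(
    r"%ASA-2-106001: Inbound TCP connection denied from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<ifc>\S+)"
)

def egress_interface(ip, routes):
    """Longest-prefix match of ip against (prefix, interface) pairs."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, ifc in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None

def hairpin_candidates(lines, routes):
    """Return parsed 106001 denies whose destination routes out the ingress interface."""
    hits = []
    for line in lines:
        m = DENY_RE.search(line)
        if m and egress_interface(m["dst"], routes) == m["ifc"]:
            hits.append(m.groupdict())
    return hits

if __name__ == "__main__":
    for hit in hairpin_candidates(LOG_LINES, ROUTES):
        print(f"{hit['src']} -> {hit['dst']}:{hit['dport']} hairpins on {hit['ifc']}: "
              "check 'same-security-traffic permit intra-interface'")
```

A flagged line is only a candidate: 106001 does not state the deny reason, so the configuration still has to be checked for the intra-interface permit.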