Guest

Preview Tool

Cisco Bug: CSCvt91720 - router see http wsma request as coming from 192.168.1.5

Last Modified

Sep 10, 2020

Products (14)

  • Cisco ASR 1000 Series Aggregation Services Routers
  • Cisco ASR 1000 Series IOS XE SD-WAN
  • Cisco 4221 Integrated Services Router
  • Cisco 4331 Integrated Services Router
  • Cisco ASR 1002-X Router
  • Cisco 4321 Integrated Services Router
  • Cisco ASR 1001-X Router
  • Cisco 4351 Integrated Services Router
  • Cisco ISR 1000 Series IOS XE SD-WAN
  • Cisco ISR 4000 Series IOS XE SD-WAN
View all products in Bug Search Tool Login Required

Known Affected Releases

16.9.4 16.9.5

Description (partial)

Symptom:
http wsma POST requests appear to the router as they would be coming from 192.168.1.5 IP address instead of actual src IP address. IN result the connection is rejected with below message seen in wsma debug if an ACL blocking IP 192.168.1.5 is applied: 

"GSI: wsma infra _s_http[0x7FAFA8B68848]: rejecting connection from 192.168.1.5, due to access list 80"

Conditions:
Seen on ASR1k with 16.9.4 software version and with applied ACL blocking IP 192.168.1.5

access-list 80 permit 10.x.x.x - Client IP.

username wsma password 0 wsma
wsma agent exec
profile WSMA
wsma agent config
profile WSMA
wsma profile listener WSMA
transport http
acl 80 <<<
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.