Guest

Preview Tool

Cisco Bug: CSCvu26296 - ASA interface ACL dropping snmp control-plane traffic from ASA

Last Modified

Sep 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.14(1)

Description (partial)

Symptom:
ASA running 9.14 generating massive amounts of syslogs pertaining to snmp and the nlp_int_tap interface (example below):

%ASA-4-106023: Deny udp src nlp_int_tap:169.254.1.2/54923 dst inside:192.168.100.10/162 by access-group "inside_access_out" [0x0, 0x0]

Conditions:
- ASA 9.14 configured to offload snmp traps to snmp server (any version 1|2c|3)
- ASA configured with outbound ACL not explicitly permitting aforementioned snmp traffic
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.