Guest

Preview Tool

Cisco Bug: CSCvv43349 - ASDM: Ask to apply changes without config changes for VPN connection profile

Last Modified

Sep 02, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.13(1) 9.13(1.12) 9.14(1) 9.14(1.19)

Description (partial)

Symptom:
It is confirmed starting the ASA code 9.13.1, when you go to ASDM, Configure, Site-to-Site, Connection Profiles, then open a connection profile and cancel it without any configuration change made, then the 'Apply' button is highlighted as if we made a configuration change.

After checking the pre-deployment lines we confirmed the ASDM is trying to apply the next crypto map pfs changes in the connection profile:

'crypto map outside_map 1 set pfs group5'

Conditions:
Site to site VPN tunnel configuration setup in the ASA and any of the next ASA codes running: 9.13.1, 9.13.1.12, 9.14.1 and 9.14.1.9. It does not matter the ASDM code use:

ASDM 7.12.1 and ASA 9.12.2 - not happening.
ASDM 7.13.1 and ASA 9.12.2 - not happening.
ASDM 7.14.1.48 and ASA 9.12.2 - not happening.
ASDM 7.13.1 and ASA 9.13.1 - Issue happening.
ASDM 7.14.1.48 and ASA 9.13.1 - Issue happening.
ASDM 7.14.1.48 and ASA 9.13.1.12 - Issue happening.
ASDM 7.14.1.48 and ASA 9.14.1 - Issue happening.
ASDM 7.14.1.48 and ASA 9.14.1.19 - Issue happening.

This problem is confirmed not happening when running ASA code 9.12.2.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.