Cisco Bug: CSCvv68669 - Traffic to virtual IP address dropped on system context of Master ASA due to failed classification
Oct 27, 2020
- Cisco Adaptive Security Appliance (ASA) Software
Known Affected Releases
Symptom: In an ASA cluster multi-context setup running on Firepower 9300 appliance, when the same interface(subinterfaces) is used as the management interface of multiple contexts , the traffic to the Virtual IP address of the cluster, that is on the Master node, is dropped in the system context of the ASA application with the asp drop reason being Drop-reason: (ifc-classify) Virtual firewall classification failed Conditions: Same physical sub-interface is shared across multiple user contexts and the interfaces from different user contexts share the same MAC .
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases