Guest

Preview Tool

Cisco Bug: CSCvv68669 - Traffic to virtual IP address dropped on system context of Master ASA due to failed classification

Last Modified

Oct 27, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

9.8(3.18)

Description (partial)

Symptom:
In an ASA cluster multi-context setup running on Firepower 9300 appliance, when the same interface(subinterfaces) is used as the management interface  of multiple contexts , the traffic to the Virtual IP address of the cluster, that is on the Master node, is dropped in the system context of the ASA application with the asp drop reason being 

Drop-reason: (ifc-classify) Virtual firewall classification failed

Conditions:
Same physical sub-interface is shared across multiple user contexts and the interfaces from different user contexts share the same MAC .
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.