Cisco
ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 8.4.6(5) – 07/12/2013
Files: asa846-5-k8.bin, asa846-5-smp-k8.bin
Defects resolved since 8.4.6:
|
reload due to block
depletion needs post-event detection mechanism |
|
|
Protocol Violation does not
detect violation from client without a space |
|
|
Traceback in ci/console
during context creation - ssl configuration |
|
|
Proxy ARP Generated for
Identity NAT Configuration in Transparent Mode |
|
|
CP Processing hogs in SMP
platform causing failover problems, overruns |
|
|
FIPS Self-Test
failure,fips_continuous_rng_test [-1:8:0:4:4] |
|
|
ASA verify /md5 shows
incorrect sum for files |
|
|
ASA stops decrypting
traffic after phase2 rekey under certain conditions |
|
|
ASA IKEv2 fails to accept
incoming IKEV2 connections |
|
|
ASA 8.6/9.x : Fails to
parse symbols in LDAP attribute name |
|
|
ASA: 256 byte blocks
depleted when syslog server unreachable across VPN |
|
|
ASA: cpu-hog in uauth_urlb
clean causing interface overruns. |
|
|
Traceback while editing
objects attached to NAT |
|
|
OSPF routes missing for 10
secs when we failover one of ospf neighbour |
|
|
Multicast,Broadcast traffic
is corrupted on a shared interface on 5585 |
|
|
ASA removes TCP connection
prematurely when RPC inspect is active |
|
|
ASA traceback in datapath
thread with netflow enabled |
|
|
move OSPF from the punt
event queue to its own event queue |
|
|
Webvpn: Cifs SSO fails
first attempt after AD password reset |
|
|
Floating route takes
priority over the OSPF routes after failover |
|
|
Unable to add static
NAT/PAT after upgrade to 8.4.5 |
|
|
ASA sip inspection memory
leak in binsize 136 |
|
|
ASA: Page fault traceback
in dbgtrace when running debug in SSH session |
|
|
Incorrect NAT rules picked
up due to divert entries |
|
|
Cisco ASA time-range object
may have no effect |
|
|
ASA changes user privilege
by vpn tunnel configuration |
|
|
Traceback when NULL pointer
was passed to the l2p function |
|
|
ASA LDAPS authorization
fails intermittently |
|
|
No value or incorrect value
for SNMP OIDs needed to identify VPN clients |
|
|
Webvpn: OWA 2010 fails to
load when navigating between portal and OWA |
|
|
ASA sends ICMP Unreach.
thro wrong intf. under certain condn. |
|
|
ASA 8.4.4.1 Keeps rebooting
when FIPS is enabled: FIPS Self-Test failure |
|
|
Clientless plugins are not
working |
|
|
cannot access Oracle BI via
clentless SSL VPN |
|
|
ASA console hangs with
duplicate nat statements of sh nat |
|
|
ASA has inefficient memory
use when cumulative AnyConnect
session grows |
|
|
Anyconnect
IKEv2:Truncated/incomplete debugs,missing 3 payloads |
|
|
ASA traceback on thread
Session Manager |
|
|
ASA - "Show
Memory" Output From Admin Context is Invalid |
|
|
Standby ASA continues to
forward Multicast Traffic after Failover |
|
|
Responder uses pre-changed
IP address of initiator in IKE negotiation |
|
|
Thread Name: Unicorn Proxy
Thread |
|
|
ASA Config Locked by
another session prevents error responses. |
|
|
Page fault on ssh thread |
|
|
DHCPD appends trailing dot
to option 12 [hostname] in DHCP ACK |
|
|
Multiple concurrent write
commands on ASA may cause failure |
|
|
ASA terminates SIP
connections prematurely generating syslog FIN timeout |
|
|
ASA traceback in Thread
Name: DATAPATH-4-2318 |
|
|
L2TP/IPSec traffic fails
because UDP 1701 is not removed from PAT |
|
|
Inconsistent behavior with
dACL has syntax error |
|
|
ASA: EIGRP Route Is Not
Updated When Manually Adding Delay on Neighbor |
|
|
ASA: "clear config
all" does not clear the enable password |
|
|
ASA IDFW: idle users not
marked as 'inactive' after default idle timeout |
|
|
Watchdog due to access-list
change during uauth |
|
|
Traceback when using VPN
Load balancing feature |
|
|
Traceback in Thread Name:
OSPF Router during interface removal |
|
|
Unable to display webpage
via WebVPN portal, ASA 9.0(2)9 |
|
|
ASA tearsdown TCP SIP phone
registration conn due to SIP inspection |
|
|
"show inventory"
displays no Power Supply if PS0 module pulled out |
|
|
Cisco ASA config rollback
via CSM doesnt work in multi context mode |
|
|
Traceback after upgrade
from 8.2.5 to 8.4.6 |
|
|
Re-transmitted FIN not
allowed through with sysopt connection timewait |
|
|
ASA:Traffic denied
'licensed host limit of 0 exceeded |
|
|
ASA memory leaks 3K bytes
each time executing the show tech-support. |
|
|
Different SNMPv3 Engine
Time and Engine Boots in ASA active / standby |
|
|
nat config is missing after
csm rollback operation. |