Cisco
ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 8.3.1(6) – 06/15/2010
Files: asa831-6-k8.bin,
asa831-6-smp-k8.bin
Defects resolved since 8.3.1.4:
|
No accounting packet for some commands |
|
|
FIPS ASA will not pass FIPS POST in 8.2 |
|
|
NAT with ACL statements causing long
time to reboot. |
|
|
5580 traceback
at CP process while running 600 calls on 2 trunks |
|
|
Dhcpd
incorrectly sends DHCPNAK |
|
|
ASA 8.0.5+ webvpn
FTP bookmarks no longer will pass embedded user/pass |
|
|
Saving files in microsoft
word on sharepoint through webvpn
fails |
|
|
ASA traceback
when adding static nat command |
|
|
Links using macro substitution in
portal bookmarks greyed out in 8.3.1 |
|
|
Copy /pcap
capture fails when packet larger than 2k |
|
|
ASA uses different source IP for data
traffic of passive FTP connection |
|
|
Manual NAT rule (inside,any) source static always takes precedence |
|
|
ASA high CPU in DHCP Proxy thread |
|
|
ASA: cannot create _vpn
object-group |
|
|
Dynamic-filter syslogs
338004 and 338008 show '0' for src and dest ports |
|
|
Clientless WebVPN
not working with SAP Release 3 adobe forms |
|
|
ASA tracebacks
in Thread Name: IPsec message handler |
|
|
ASDM is not able to upload DAP
selection configuration |
|
|
HEAD requests blocked from a web folder
handler processing |
|
|
ASA MAC Smart tunnel file upload fails
after about 200 KB |
|
|
Traceback:
CP Processing |
|
|
Don't do DAP re-validation at svc
re-key and new tunnel generation |
|
|
Xlate
Idle Timer Incorrectly Refreshed by Dropped Packets |
|
|
ASA traceback
in Thread Name: Dispatch Unit |
|
|
RDP ActiveX Plugins
fails with 8.3.1 when ASA has CA Heirarchy |
|
|
Memory leak when using certs for SSL AAA |
|
|
WEBVPN: PDF form button doesn't work
with secure link |
|
|
OCSP: Need allow some slop on time
check for OCSP response |
Revision: Version 8.3.1(4) – 05/14/2010
Files: asa831-4-k8.bin,
asa831-4-smp-k8.bin
Defects resolved since 8.3.1.1:
|
Configure fail state link without IP addr causes LAND attack syslogs |
|
|
SIP builds many secondary conns with register msg but no registrar |
|
|
'show mroute' output has null Outgoing Interface List for (S,G) entry |
|
|
Removed ACL permits inbound packets |
|
|
PP: Incorrect Entry Installed in ASP Table for proxy-server command |
|
|
Traceback with Logging flash-bufferwrap configured and heavy logging |
|
|
TCP proxy in SIP inspection causing 1550 block deplete temporarily |
|
|
4GE-SSM will not transmit all fragments |
|
|
FTP download for files larger than 2GB doesn't work properly |
|
|
mcast pkts can interfere w/ other punts on the DP-to-CP queue |
|
|
Standby ASA shows ready when its has no communication to active ASA |
|
|
"possible channel leak" when loading with large configuration |
|
|
ASA 8.2 webvpn custom login page shows Javascript error with IE |
|
|
ASA5580 traceback in Thread Name: fover_FSM_thread |
|
|
ASA 8.04 - certificate chain not being sent during rekey w/ IPSEC RA |
|
|
WebVPN user-storage does not work if user logon as DOMAIN\Username |
|
|
SSH process may exist after being orphaned from SSH session |
|
|
LDAP authentication stops operating to Win2008 srvr after sometime |
|
|
ASA doesn't handle chunk encoding correctly |
|
|
Thread Name: netfs_thread_init |
|
|
SNAP frames are sent from Management interface in Transparent mode ASA |
|
|
ICMP error messages dropped in multi-context asymmetric routing mode |
|
|
Memory Leak In CIFS can casue memory depletion |
|
|
Copy to disk0 without ":", prefills dest as disk0, cant delete/view file |
|
|
Memory leak happens due to huge number of LDAP authentication failure |
|
|
show failover command authorization not available |
|
|
ASA 8.0.5 1550 block depletion with ASDM open |
|
|
ASA 5580 8.2(2) traceback with traffic across 10 Gig interfaces |
|
|
Option to change Pane Title missing from customization editor |
|
|
Active ASA unit tracebacks in Thread Name: ssh |
|
|
IPSec traffic not working after failover |
|
|
ldap-dn password is in the clear within running config |
|
|
asa standby unit reboots after acl config changes |
|
|
ASA/w 4-GE-SSM shows module status unresponsive after power surge |
|
|
DHCP learned route may not be removed at end of lease time |
|
|
Certificate map fails to match with case sensitive SAN |
|
|
quiting "show controller" command with 'q' key triggers failover |
|
|
ASA5580 high frequency tracebacks after upgrade 8.1.2 to 8.2.2 |
|
|
ASA 8.2.2 memory leak in inspect |
|
|
RST sent over L2L is dropped by peer due to tcp-rstfin-ooo |
|
|
ASA crashes when trying to print syslog 444110 in Thread Name: ms-client |
|
|
Standby Unit not getting session replicated, rerr TCP and UDP increasing |
|
|
ISAKMP Packet decode for IKE-Frag shows incorrect Frag ID (byte-swap) |
|
|
timebased license of shared license participant feature is broken |
|
|
ASA PKI: OCSP request does not contain host header |
|
|
Received unexpected event EV_TERMINATE in state MM_SND_MSG6_H |
|
|
Add nano sleep to cp process suspend handling |
|
|
call-home send CMD email - may fail with Lone CR or LF in headers |
|
|
ASA 8.3 fails to connect L2TP IPSec client with NAT-T |
|
|
ASA doesn't set correct MIME type for CSS files |
|
|
Flows torndown over VPN tunnel log 302014 with Flow closed by inspection |
|
|
%ASA-5-711005 generated when a L2TP client connects |
|
|
ASA: AAA Session limit [2048] reached when xauth is disabled for vpn |
|
|
Configure fail state link without IP addr causes LAND attack syslogs |
|
|
SIP builds many secondary conns with register msg but no registrar |
|
|
'show mroute' output has null Outgoing Interface List for (S,G) entry |
|
|
Removed ACL permits inbound packets |
|
|
PP: Incorrect Entry Installed in ASP Table for proxy-server command |
|
|
Traceback with Logging flash-bufferwrap configured and heavy logging |
|
|
TCP proxy in SIP inspection causing 1550 block deplete temporarily |
|
|
4GE-SSM will not transmit all fragments |
|
|
FTP download for files larger than 2GB doesn't work properly |
|
|
mcast pkts can interfere w/ other punts on the DP-to-CP queue |
|
|
Standby ASA shows ready when its has no communication to active ASA |
|
|
"possible channel leak" when loading with large configuration |
|
|
ASA 8.2 webvpn custom login page shows Javascript error with IE |
|
|
ASA5580 traceback in Thread Name: fover_FSM_thread |
|
|
ASA 8.04 - certificate chain not being sent during rekey w/ IPSEC RA |
|
|
WebVPN user-storage does not work if user logon as DOMAIN\Username |
|
|
SSH process may exist after being orphaned from SSH session |
|
|
LDAP authentication stops operating to Win2008 srvr after sometime |
|
|
ASA doesn't handle chunk encoding correctly |
|
|
Thread Name: netfs_thread_init |
|
|
SNAP frames are sent from Management interface in Transparent mode ASA |
|
|
ICMP error messages dropped in multi-context asymmetric routing mode |
|
|
Memory Leak In CIFS can casue memory depletion |
|
|
Copy to disk0 without ":", prefills dest as disk0, cant delete/view file |
|
|
Memory leak happens due to huge number of LDAP authentication failure |
Revision: Version 8.3.1(1) – 04/12/2010
Files: asa831-1-k8.bin, asa831-1-smp-k8.bin
Defects resolved since 8.3.1:
|
dhcp-network-scope
ip that matches interface can cause route deletion |
|
|
WARNING: The vlan
id entered is not currently configured under any int |
|
|
ASA 8.0(4) traceback
in Dispatch Unit due to stack corruption |
|
|
Traceback
in unicorn thread (outway_buffer_i) |
|
|
Remove "sysopt
nat-convert enable | start" support for broadview/main |
|
|
ASA: SIP inspect not opening pinhole
for contact header of SIP 183 msg |
|
|
tcp-intercept
doesn't start 3WH to inside |
|
|
SLA monitor fails to fail back when ip verify reverse is applied |
|
|
Traceback:
CTM message handler - L2TP and crypto reset - stack overflow |
|
|
SNAP frame with MAC address learned on
management-only interface is sent |
|
|
IPsec:
Outbound context may be deleted prematurely |
|
|
AnyConnect
2.4 can't connect but both auths are successful |
|
|
ASA traceback
when new DHCPD commands entered |
|
|
ASA running 8.0.4.32 traceback in Thread Name: Dispatch Unit |
|
|
CTA does not respond for EAP from ASA
8.0.5 with NAC |
|
|
Error event causes Syslog
199011 "Close on bad channel in process/fiber" |
|
|
VPN session not replicate to Standby
after Failover State Link failure |
|
|
FTP download for files larger than 2GB
doesn't work properly |
|
|
ASA5580 drops outbound ESP pkt if original pkt needs to be
fragmented |
|
|
ASA: Unable to pass traffic through an Airlink router w DTLS enabled |
|
|
CA ServiceDesk
hidden frame not showing |
|
|
Fails to export Local CA Cert after
rebooting ASA |
|
|
ASA SSL/TLS client sends TLSv1
handshake record in SSLv3 compat mode |
|
|
Disable URL entry should only disable
http/https |
|
|
ASA unable to assign users policy when
cancelling change password option |
|
|
ASA doesn't allow username length of
<4 characters |
|
|
msgid
in Language Localization are not synchronized |
|
|
SSL sockets stuck in CLOSE_WAIT status
using webvpn |
|
|
ASA5580 traceback
in thread DATAPATH-2-476, eip rt_timer_cancel_callback |
|
|
VPN user cannot ping to inside interface
with management-access config |
|
|
ASA 8.2 webvpn
custom login page shows Javascript error with IE |
|
|
AC Essentials not enabled w/ active ssl session should provide msg |
|
|
WebVPN
user-storage does not work if user logon as DOMAIN\Username |
|
|
OWA 2003 To, CC, BCC buttons in address
book does not work with webvpn |
|
|
ASA HW client: deny rule for DHCP
should account for remote subnets |
|
|
FO: "service resetoutside"
exists only in standby unit after failover |
|
|
ASA - Memory depleting 1% per day due
to snmp-server ipsec
configuration |
|
|
Traceback
in Dispatch Unit (Old pc 0x08180444 ebp 0xc793d980) |
|
|
Slow memory leak in WebVPN
related to CIFS cache |
|
|
IKE not passing Cert attr to LDAP server causing Authorization failure |