Cisco
ASA Interim Release Notes
The software images listed below are Interim releases. They contain bug fixes which address specific issues found since the last Feature or Maintenance release. The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.
Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.
Revision: Version 8.4.3(9) – 03/22/2012
Files: asa843-9-k8.bin, asa843-9-smp-k8.bin
Defects resolved since 8.4.3(8):
Fuzzing testbed, traceback in the javascript parser
ASA -crasActGrNumUsers does not update tunnel groups after upgrade
assert traceback for ifc cfg removal with same-security intra-interface
Nested obj does not work if contained in src and dst of ACL
'show mroute' has null Outgoing Interface List for (*,G) entry w/ bidir
'Route-Lookup' Option Should be Allowed if One Real Interface is Known
ASA: May fail FIPS Self-Test
Traceback in Thread Name: CP Processing
ASA NAT fails to due route look with any as destination interface
AdvCrypt: AnyConnect can connect but can't pass data
Post request for OCSP using non default port is missing the port number
HTTP TRACE method allowed when EASY-VPN enabled
ASA: Traceback in thread name EAPoUDP
ASA WebVPN breaking when Windows Patch KB2585542 is applied
ASA traceback in thread fover_parse while upgrading from 8.4.2 to 8.4.3
WEBVPN - upload of files larger then 2GB fails through CIFS
ASA: OSPF redist with prefix routemap advertises all static after reboot
tcp-proxy with skinny v17 inspection not allowing 7962 phone to register
ASA: Failover due to data channel failure when making IPS config changes
ASA5585X PS0 does not send "entity power-supply" trap
PDP context idle timer is reset when using the TID option in show cmd
Revision: Version 8.4.3(8) – 03/01/2012
Files: asa843-8-k8.bin, asa843-8-smp-k8.bin
Defects resolved since 8.4.3:
Warning message for, "igmp static-group" - affective should be effective
PIX/ASA: When route changes connections over IPSEC tunnel not torn down
ASA 8.3 upgrade traceback in thread pix_flash_config_thread
WebVPN:flv file within the Flowplayer object is not played over webvpn
WebVPN & ASDM doesn't work on Chrome with AES & 3DES ciphers
ASA may traceback in Thread Name: DATAPATH-1-1235 (ipsecvpn-crypto)
Radius Proxy to SDI - AnyConnect prompts for next PASSCODE but shouldn't
WebVPN:flv file within the Flowplayer object is not mangled correctly
object group not cleared when used for pat pool
Standby ASA generates syslog 210005 while transmitting data on FTP
Link outage in Etherchannel causes interface down and failover
Nested obj does not work if contained in src and dst of ACL
SSM-4GE doesn't handle unicast packets after "hw-module module 1 reset"
ASA IKEv1 Traceback in vpnfol_thread_msg ike_fo_create_new_sa on Standby
Message from ASA is not displayed about password complexity requirements
Standby ASA 5585 Reporting Service Card Failure on Signature Update
ASA should not send data in the 3rd message of TCP 3WHS w/ LDAP over SSL
netflow: template only send once with default timeout-rate
ASA5505: Primary active unit crash due to mismatched host-limit license
show vpn-sessiondb does not show LZS compression stats for Anyconnect
wrong vpn-filter gets applied when peers have overlapping address space
SharePoint2010:Cannot create new document
ASA: Decrypted VPN packets dropped due to bad-tcp-cksum when using NAT-T
Some specific flash file doesn't work through WebVPN on ASA
npshim: Shared License Registration Fails w/ Empty TP applied to Int
vpnclient mac-exempt cmd inconsistent when adding more than 16 entries
ASA may traceback citing Thread Name: qos_metric_daemon as culprit
WebVPN:flv file within the Flowplayer object is not played over webvpn
ASA has stale ASP classification entries for Anyconnect tunnels
cannot pass "=" sign within the value of a parameter for the SSH plugin
Clientless VPN paging application failure
Backup Shared license server remains ACTIVE even when the Master is up
ASA 5580 traceback when CSM attempts deployment
ASA traceback in emweb/https while bringing up many webvpn sessions
ASA webvpn doesn't rewrite some redirect messages properly
ASA: Traceback after removing 'ip address dhcp setroute' with DDNS
DACL is not applied to AC when connection via the webportal
Incorrect MPF conn counts cause %ASA-3-201011 and DoS condition for user
TCP sequence space check ignored in some cases
WebVPN: CIFS: Incorrect MIME type for PDF files - iPad/iPhone
ASA - Failover message may be lost during transition to active state
Environmental SNMP Traps Are Not Available on ASA5585 SSP-40
ASA5585 show inventory not updated
Traceback: assert failure on thread radius_snd
%ASA-3-201011: Connection limit exceeded when not hitting value
Natted traffic not getting encrypted after reconfiguring the crypto ACL
When ASA sends a username with a "\", WSA logs errors.
SSLVPN Portal uses incorrect DNS Group after failover
L2TP over IPSec connections fail with ldap authorization and mschapv2
ACL Hashes calculated during config migration are wrong
Port Address Translation (PAT) causes higher CPU after upgrade
Page fault traceback with thread name "pix_flash_config_thread".
ASA 5585-X does not provide aggregate system CPU load value via SNMP
ASA: Traceback in Unicorn Admin Handler when making DAP changes via ASDM
print warning if interface in logging host cmd conflicts with routes
ASA may reload with traceback in Dispatch Unit related to WAAS inspect
ASA does not recognize IPv6 VPN filter access-list for AnyConnect client
IKEv2: ASA does not re-establish more than one SA after disconnect
Cut-through proxy - users unable to log in
ASA:In a rare corner case ASA may crash while modifying FQDN object/acl
Page fault traceback in crypto_lib_keypair_show_mypubkey_all
ASA mem leak w/EZVPN when Subject DN has Multiple C,O,OU,CN fields.
ASA: May traceback in DATAPATH during capture
Standby ASA traceback in DATAPATH-0-1400 or Dispatch Unit
Nas-Port attribute different for authentication and accounting
tunnel-group-preference not respected for AnyConnect 3.0 aggregate_auth
Traceback when memory low and memory profile enabled
Webvpn : Javascript rewrite causing login button to be inactive
ASA does not start DPD when phase 1 up but phase 2 down
ASA may not log syslogs 611101, 605005 for asdm sessions to certain int
Configuring a network object with an invalid range causes traceback
class-map doesn't work after replacing ACL
Clientless - VLAN assign't under group-policy breaks tunneled dflt route
SunRpc: Change from dynamic ACL to pin-hole mechanism
Standby ASA traceback while trying to replicate xlates
VPN session failure due to auth handle depletion
Webvpn: Can't copy & paste in web portal with IE8 and IE9
Received unexpected event EV_REMOVE in state AM_WAIT_DELETE
cut through proxy authentication vulnerability
Syslog 324001 Reason string is missing
ActiveX RDP Plugin fails to connect from WIn7 PC after upgrade to 8.4(3)
"X-CSTP-Tunnel-All-DNS" not properly set in SMP images for split-dns
ASA: 8.4 Page fault traceback while displaying "sh run threat-detection"
ASA: Page Fault traceback in ssh thread when changing IKEv2 config
MSFT KB2585542 breaks cut-thru proxy and IUA
Traceback in Unicorn Proxy Thread under heavy WebVPN load
Traceback when Converting ACL Remarks of 100 Characters
ASA Crashes or Simply Reloads With Signal 11 in Unicorn Proxy Thread