Scheduler Queue Corruption leads to connectivity failures or failover problems after 9. ARP functions fail after days of uptime, drop with error 'punt-rate-limit-exceeded'. Skip to content Skip to search Skip to footer. Available Languages. Download Options. Updated: October 16, This section lists new features for each release. Note New, changed, and deprecated syslog messages are listed in the syslog message guide.
Support to enable and disable the results for free memory and used memory statistics during SNMP walk operations To avoid overutilization of CPU resources, you can enable and disable the query of free memory and used memory statistics collected through SNMP walk operations.
Firewall Features Support for removing the logout button from the cut-through proxy login page. New or modified command: mac-address auto Also in 9. We did not modify any commands. ASAv5 1. We added the following command: timeout icmp-error High Availability and Scalability Features Improved cluster unit health-check failure detection You can now configure a lower holdtime for the unit health check:. Change for tunnelgroup webvpn-attributes We changed the pre-fill-username and secondary-pre-fill-username value from clientless to client.
We introduced the following commands: aaa authentication login-history, show aaa login-history Password policy enforcement to prohibit the reuse of passwords, and prohibit use of a password matching a username You can now prohibit the reuse of previous passwords for up to 7 generations, and you can also prohibit the use of a password that matches a username. We introduced the following commands: password-history, password-policy reuse-interval, password-policy username-check Separate authentication for users with SSH public key authentication and users with passwords In releases prior to 9.
Also in Version 9. To view your current version and model, use one of the following methods: CLI—Use the show version command. Note ASA 9. Note You must have a Cisco. This section lists resolved bugs per release. Pool full. CAB has expired Code Signing cert. Unable to allocate new session. CSCvh snmp: After upgradet to 9. ASDM works with hostscan disabled. CSCve Don't offer 9. We did not resolve any bugs in this release. CSCvb Webvpn rewriter failing on matterport.
Was this Document Helpful? Yes No Feedback. VPN Features. Administrative Features. Platform Features. Firepower Active LED now lights amber when in standby mode. Formerly, the Active LED was unlit in standby mode.
Support for removing the logout button from the cut-through proxy login page. Trustsec SXP connection configurable delete hold down timer.
Support for legacy SAML authentication. Interface Features. Unique MAC address generation for single context mode. ASA for the Firepower series.
We modified the following command: fips enable. You can now deploy the ASAv as an M4 instance. ASAv50 platform. Global timeout for ICMP errors. We changed the pre-fill-username and secondary-pre-fill-username value from clientless to client. AAA Features. Login history. Configuration Generation in the crypto portion changes without configuration change. ASDM load fails with the error message:The flash device is in use by another task.
ASA may log negative values for conn-max exceeded syslog and drop permitted traffic. Throughput drop when LINA capture is applied on various platforms. ASA: Watchdog traceback in Datapath. OSPF neighbor command not replicated to standy after write standby or reload. ASA policy-map configuration is not replicated to cluster slave.
Traceback when syslog sent over VPN tunnel. GTP inspection may spike cpu usage. Default DLY value of port-channel sub interface mismatch. An ASA may Traceback and reload when processing traffic. Firepower Series might report failure due to MIO-blade heartbeat failure. Stuck uauth entry rejects AnyConnect user connections. ASA device power supply Serial Number not in the snmp response.
Hanging downloads and slow downloads on a FPR due to http inspect. Neighbour Solicitation messages are observed for IPv6 traffic. Flow-offload rewrite rules not updated when MAC address of interface changes.
In version 9. Traceback: Thread Name: IPsec message handler. Bonita BPM app's web pages access fail via webvpn. Firepower Threat Defense asa traceback for unknown reason.
Trustsec SXP delete hold down timer value needs to be configurable. ASA portchannel lacp max-bundle 1 hot-sby port not coming up after link failure. Multicast dropped after deleting a security context.
Change 2-tuple and 4-tuple hash table to lockless. Traceback at "ssh" when executing 'show service-policy inspect gtp pdp-context detail'. IP Local pools configured with the same name. ASA traceback when logging host command is enable for IPv6 after each reboot. WebPage is not loading due to client rewriter issue on JS files. ASA Smart Licensing messaging fails with 'nonce failed to match'.
ASA: 9. Flows get stuck in lina conn table in half-closed state. ASA running 9. GTP soft traceback seen while processing v2 handoff. SSH session stuck after committing changes within a Configure Session. ASA CP core pinning leads to exhaustion of core-local blocks.
Traceback and reload due to GTP inspection and Failover. Traceback: ASA 9. Async queue issues with fragmented packets leading to block depletion Qos applied on interfaces doesn't work. ASA is stuck on "reading from flash" for several hours.
GTP delete bearer request is being dropped. With v1 host configured, a v2c walk from that host succeeds. Route tracking failure. Unable to modify access control license entry with log default command. ASA not inspecting H H Spin lock traceback when changing vpn-mode with traffic. Only first line of traceroute is captured in event manager output. Webvpn Clientless- password management issue. FTD device rebooted after taking Active State for less than 5 minutes.
Traceback and reload when displaying CPU profiling results. ASA traceback when removing interface configuration used in call-home. ASA routes change during OS upgrade. Specified virtual mac address could not display when executing "show interface". ASA stops authenticating new AnyConnect connections due to fiber exhaustion. DTLS fails after rekey. ISA interoperability issue with Nokia router. ASA traceback and reload due to multiple threads waiting for the same lock - watchdog.
ASA Multicontext traceback and reload due to allocate-interface out of range command. Syslog ID generated incorrectly. Upgrading ASA cluster to 9. Unable to remove access-list with 'log default' keyword. Tunnel Group: 'no ikev2 local-authentication pre-shared-key' removes local cert authen. EIGRP breaks when new sub-interface is added and "mac-address auto" is enabled. AnyConnect session rejected due to resource issue in multi context deployments.
Standby may enter reboot loop upon upgrading to 9. SCP large file transfer to the box result in a traceback. Failover mac address configured on interface does not allow to delete subinterface. Smart Tunnel bookmarks don't work after upgrade giving certificate error. ASA fails command authorization if tcp syslog is down. Traceback and reload citing Datapath as affected thread.
ASA may traceback and reload. Potentially related to WebVPN traffic. Memory leak while inspecting GTP traffic. ASA 8. All "4 byte blocks" were depleted after a weekend VPN load test. ASA Memory depletion due to scansafe inspection. Capturing asp-drop causes unexpected ASA failure.
SNMP::User is not added to a user-list or host ,after reconfigure it. Stale VPN Context issue seen in 9. IPv6 Addresses intermittently assigned to AnyConnect clients. DAP config restored but inactive after backup restore.
ASA not sending register stop when mroute is configured. ASA creates a BVi0 interface on a custom routed context. Webvpn rewriter failing for internal URL. ASA - 80 Byte memory block depletion. Try again. IKEv2 RA cert auth. Max sessions reached. Hostscan: Errors in cscan. Memory leak in byte bin when packet hits PBR and connection is built. ASA Routes flushed after failover when etherchannel fails.
Traceback with traffic in 3 node Intra Chassis Cluster. ASA - rare scheduler corruption causes console lock. ASA : After upgrading from 9. ASA : High memory utilization when inspection enabled. Chunk memory not released back to the system after stopping traffic.
Crash on Standby Firepower module after Policy deployment. Javascript elements rewriter issue. ASA broadcasting packets sent to subnet address as destination IP. SNMP deployment failure causes policy rollback. ASA traceback due to block exhaustion. ASA traceback: thread name scansafe.
ASA running on 9. SSL handshake fails with large certificate chain size. Modifying service object-groups add and remove objects removes ACE. Sysopt permit-vpn behavior change to prevent unintended clear-text traffic. Direct Authentication is not working in ASA cluster.
FTD: IPv6 traffic is not being load-balanced as per 5-tuple algorithm. Kenton: ASA traceback on policy deploy. ASA:multi-session command being configured after write erase.
CSM failed to parse the tcp-state-bypass logs. Blocks of size 80 leak observed when IRB is used in conjunction with multicast traffic. NAT'd traffic with flow offload is not working in transparent mode. ARP traffic should not be hardcoded to be sent to Snort for inspection. ACLs with source objects that are ranges incorrectly track hit counts. Both ASA traceback in high availability pair on chassis. ASDM stops working with hostscan enabled. Memory leak in idfw component on ASA. Freed memory not released back to the system quick enough on ASA x platforms.
Slow byte block leak due to fragmented traffic over VPN. Unable to completely disable scansafe application health checking. ASA and putty: Incoming packet was garbled on decryption. ASA backup command fails to backup identity certificate. FQDN object are getting resolved after removing access-group configuration. ASA traceback when failing over to standby unit. Rest-Api gives empty response for certain queries. ASA Traceback and goes to boot loop on 9. Standby ASA traceback during replication from mate 9.
Upon reboot, non-default SSL commands are removed from the Firepower ASA does not report accurate free memory under "show memory" output. ASA: dns expire-entry-timer configuration disappears after reboot. Memory leak on webvpn. Illegal update occurs when device removes itself from the cluster. FPR asa traceback for unknown reason.
Support for more than characters for Split DNS value. OSPF multicast filter rules missing in cluster slave. Implement detection and auto-fix capability for scheduler corruption problems. Logs lost when TCP is used as transport protocol for Syslogs. CEP records edit page take minutes to load. ASA block gradual depletion. VTI - Some sessions do not get cleared from vpn-sessiondb.
Syslog logging messages performance is low with tcp protocol. Error configuring the interface in multi-context mode. Copy to running-config with a loop reloads the box with no indication as to why. Traceback when modifying interfaces.
ASA erroneously triggers syslog ID Crash when clearing interface configuration and NAT. Packets encrypted through virtual tunnel interface have source MAC of ASA crashes after entering the command "debug menu ike-common 11".
ASA with 9. ASA in cluster results in incorrect user group mappings between the Master and Slave. Web folder filebrowser applet code signing certificate expired. ASA may generate an assert traceback while modifying access-group. Traceback due to webvpn process configuration. In security context, cannot generate the SNMP events trap.
Increase memory allocated to rest-agent on ASAv5. ASA traceback when trying to remove configured capture. Unable to switch standby unit of the failover pair to active. ASA Beta: asp load-balance output inconsistent with show run vs. FTD traceback observed during failover synchronization. ASA traceback when customer was authenticating to AnyConnect.
Table 1 describes the end-of-life milestones, definitions, and dates for the affected product s. Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract. Table 1. End-of-Life Announcement Date.
The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public. August 6, The last date to order the product through Cisco point-of-sale mechanisms.
The product is no longer for sale after this date. February 4, Actual ship date is dependent on lead time. May 5, The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.
The last date to extend or renew a service contract for the product.
0コメント