Nat rule unexpectedly disappears after ASA software update

Unanswered Question
May 31st, 2010

Hi folks,

i have this estranged situation: I have two ASA's 5520 in Active/Standby failover mode. After the software update from 8.2(1) to 8.2(2) one of NAT(PAT) rules in outside interface unexpectedly disappeared from startup configuration/running configuration. The estranged situation is that the only the LAST rule disappeared. I think that this could be a memory allocation bug or something like that.

Do you saw something like that?

Searching for bugs in cisco bug toolkit, i found this one:

Unexpected  ACL recompile failure messages ( CSCtd34212 )


Due to memory exhaustion issues ACLs  were not properly compiled and traffic was failing.


While  working on a 5520 in the solution test set up and trying to run a mix  of HTTP, SMTP, DNS, SIP traffic it was observed from the Agilent test  tool that the SMTP traffic was not passing.  Upon further review the  following messages were seen on the console:

% Failed to allocate  regular expression state table: 520FAIL re_compile, not all rules are  compiled

This appears to be a memory exhaustion issue.


Rafael Petter

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Mon, 05/31/2010 - 11:37


Seems like a bug indeed, but not the one you're referring to.

I've seen behaviors like this when gong to 8.3 (not staying in 8.2.x)

Almost positive it's a bug...

Did you enter the NAT statement again and everything is working fine?


rafaelpetter Mon, 05/31/2010 - 11:48

Hello Federico,

thanks for you reply.

when i put the NAT rule again, everything works fine.

There is an official report from Cisco to this behavior?

Thanks you!

Rafael Petter

Federico Coto F... Mon, 05/31/2010 - 12:23


Not sure if there's a bug filled up with this behavior.

You might want to open a TAC case for that.



This Discussion