FW in Multiple context fails with nameif command

Aug 9th, 2010

Hi halijenn / kusankar / NT,


I am having an issue in which a customer has an ASA 5520 firewall pair (active, standby) running 8.0.3 code in multiple context mode with a VPN Premium license. There are a huge number of contexts (approx. 14) configured on the firewall. He says that as soon as the firewall was configured with one more logical interface and a nameif command was issued under the relevant context, traffic stopped traversing the other contexts, and he had to issue a failover and subsequently reload that firewall (the one on which the issue happened) to get back to normal. He does not have syslogs for that instance. Please let me know if this is a bug or if there is any probability that he might have gone wrong somewhere.

Kureli Sankar Mon, 08/09/2010 - 18:17
User Badges:
  • Cisco Employee,

Are you sure it is running 8.3 code?

There were defects in the past: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy75345


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsx77780


How many sub-interfaces does he have configured presently? Traffic breaks after creating how many-th interface? Routed or Transparent?


If this is 8.3, I suggest you open a TAC case and work with an engineer as this sounds like a new defect.


-KS

ankurs2008 Mon, 08/09/2010 - 18:47

Hi kusankar


Thanks a lot for replying. This is an issue with 8.0(3) code and not 8.3. This is a routed mode firewall. There are approx. 14 contexts and around 56 logical interfaces created.


25 vlans on Gig 0/2

30 vlans on Gig 1/0

1 vlan on Gig 1/2


He had already created the logical interface, assigned the VLAN, assigned it to the context, and then gone to the specific context. Once he entered the command "interface Gig1/2.X" and did a nameif, he was not able to gain enable privilege in that particular context to revert those commands. He also tried to remove the allocation of the interface from that context, however with no success. Hence he did a failover and then rebooted the ASA.

Kureli Sankar Mon, 08/09/2010 - 19:40
User Badges:
  • Cisco Employee,

Oh sorry, I read it as 8.3. So, yes, this is a known issue. Please upgrade the code on the ASA to 8.0.5.


-KS

ankurs2008 Mon, 08/09/2010 - 19:53

Hi kusankar


Thanks a lot! Which bug am I running into out of the above? Is ASA 8.0.3 a known IOS affected by this bug?

Kureli Sankar Mon, 08/09/2010 - 20:00
User Badges:
  • Cisco Employee,

CSCsy75345 for sure. You may run into the other one as well. 8.0.5 has the fix for both the defects.

-KS

ankurs2008 Tue, 08/10/2010 - 03:04

Hi kusankar


Thanks for the reply. In my case I do have multiple contexts and the mac-address auto command; however, I do not have a context with fewer than 8 subinterfaces. Also, this bug was found for 8.0(4) and my version is 8.0(3); is this applicable for me? Also, this issue occurs for me when the nameif command is entered in the logical interface; however, there is no mention of the same in the bug. Can you please elaborate as to what exactly happens in this bug?
