FW in Multiple context fails with nameif command

ankurs2008
Level 1

Hi halijenn / kusankar / NT,

I am having an issue in which the customer has an ASA 5520 firewall pair (active, standby) running 8.0.3 code in multiple context mode with a VPN Premium license. There are a huge number of contexts (approx. 14) configured on the firewall. He says that as soon as the firewall was configured with one more logical interface and a nameif command was issued under the relevant context, the traffic stopped traversing across other contexts, and he had to issue a failover and a subsequent reload of that firewall (the one on which the issue happened) to get back to normal. He does not have syslogs for that instance. Please let me know if this is a bug or if there is any probability that he might have gone wrong somewhere.


Kureli Sankar
Cisco Employee

Are you sure it is running 8.3 code?

There were defects in the past: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy75345

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsx77780

How many sub-interfaces does he have configured presently? Traffic breaks after creating how many-th interface? Routed or Transparent?

If this is 8.3, I suggest you open a TAC case and work with an engineer as this sounds like a new defect.

-KS

Hi kusankar,

Thanks a lot for replying. This is an issue with 8.0(3) code and not 8.3. This is a routed mode firewall. There are approx. 14 contexts and around 56 logical interfaces created.

25 vlans on Gig 0/2

30 vlans on Gig 1/0

1 vlan on Gig 1/2

He has already created the logical interface, assigned the VLAN, then assigned it to the context, and went to the specific context. Once he entered the command "interface Gig1/2.X" and did a nameif, he was not able to gain enable privilege in that particular context to revert those commands. He also tried to remove the allocation of the interface from that context, however with no success. Hence he did a failover and then rebooted the ASA.

Oh sorry, I read it as 8.3. So, yes, this is a known issue. Please upgrade the code on the ASA to 8.0.5.

-KS

Hi kusankar,

Thanks a lot! Which bug am I running into out of the above? Is ASA 8.0.3 a known IOS affected by this bug?


CSCsy75345 for sure. You may run into the other one as well. 8.0.5 has the fix for both the defects.

-KS

Hi kusankar,

Thanks for the reply. In my case I do have multiple contexts and the mac-address auto command; however, I do not have a context with less than 8 subinterfaces. Also, this bug was found for 8.0(4) and my version is 8.0(3); is this applicable for me? Also, this issue occurs for me when the nameif command is entered in the logical interface; however, there is no mention of the same in the bug. Can you please elaborate as to what exactly happens in this bug?
