Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA cut-through proxy works only with virtual server since 8.4(3)9


Has anybody a running configuration on v8.4(3)9 with a cut-through proxy setup, that doesn't need a virtual server?

Before upgrading a telnet session was authenticated on the ASA inband, just by configuring the corresponding "aaa authentication match some-acl inside LOCAL" command and an acl that matched the telnet session. After upgrading to 8.4(3)9 it works only when configuring and using a virtual server and having the virtual server within the authentication acl.

The loggs show the following message: "%ASA-7-109014: uauth_lookup_net fail for get_np_flow_info()"

Regarding the logging-guide this means that authorization is missing. But I only want authentication, not authorization, as this is only supported with tacacs+.

Is this a bug related to the introduction of user-identity stuff or just a new feature?

CreatePlease to create content