Revision: Version 8.4.2(8) – 08/31/2011 Files: asa842-8-k8.bin, asa842-8-smp-k8.bin Defects resolved since 8.4.2: CSCtc95264 ASA Increase LDAP & DAP max instances per attribute > 999 CSCtf51346 ASA may leave connection in half-closed state CSCtg06320 DHCP ACK not sent by the firewall. CSCtg76404 Traceback in Thread Name: Checkheaps due to logging CSCth14248 ASA not sending all logging messages via TCP logging CSCth34278 Clientless WebVPN Memory Leak Causes Blank Page after Authentication CSCth37641 Write Mem on active ASA 8.3 produces log 742004 on standby CSCth48476 ASA WebVPN doesnt rewrite URL Encoded Data in Location Response Header CSCth58048 Assert Failure caused Traceback in Thread Name: Dispatch Unit CSCti10186 ASA 18.104.22.168 Standby with a traceback in Thread Name:Checkheaps CSCti29274 Cannot switchover member with two 10G interfaces redundant interface CSCti54387 ASA 8.2.2.x traceback in Thread Name: Dispatch Unit CSCti62667 Connections stay open w/ 'sysopt connection timewait' & NetFlow CSCtj20724 ASA hitless upgrade from 8.2 to 8.3: upgraded unit reload upon conf sync CSCtk09626 traceback in AAA eip AAA_BindServer+118 during AC connection CSCtk93754 Change in Layered Object Group Does Not Update NAT Table CSCtl06156 NAT Xlate idle timer doesn't reset with Conn. CSCtl23397 ASA may log negative values for Per-client conn limit exceeded messg CSCtl41335 ASA traceback when layer-2 adjacent TCP syslog server is unavailable CSCtl86184 ASA 8.2 flow control might not work for redundant interfaces CSCtl93641 ASA: Traceback in fover_parse thread after making NAT changes CSCtn38584 the packet is discarded when the specific xlate is exist. CSCtn41118 ASA fails over under intensive single-flow traffic CSCtn48877 Traceback in fover_FSM_thread with IPv6 failover on SSM-4GE-INC CSCtn66992 egress ACL packet drops erroneously counted on ingress interface CSCtn70741 correct error msg be displayed instead of "ERROR: % Invalid Hostname" CSCtn74485 ASA5580 traceback in DATAPATH-7-1353 CSCtn99124 Dynamic Filter DNS Snooping Database size too small CSCtn99416 WebVPN: Dropdown menu doesn't work in customized SharePoint 2010 CSCto06207 ASA 8.4.1 traceback in Thread UserFromCert CSCto23149 Standby ASA sends out IPv6 RA when IPv6 address is configured. CSCto31425 ASA: L2TP and NAT-T overhead not included in fragmentation calculation CSCto34150 ASA SMR - multicast packets no longer forwarded upon interface failure CSCto34823 multicast packets dropped in the first second after session creation CSCto42990 ASA fails to process the OCSP response resulting in the check failure CSCto43960 FWSM: DCERPC inspection of packet with multiple segments fails CSCto49160 can not access cifs folder with japanese character CSCto49472 ASA running 8.4.1 does not detect external flash, needs a reload CSCto50936 SAP Portal - Event Tracking Script fails to display correclty CSCto53199 Traceback with phone-proxy Thread Name: Dispatch Unit CSCto76621 FO cluster lic doesnt work if primary reboots while secondary is down CSCto76775 ASA AC failure due to slow memory leak: "Lua runtime: not enough memory" CSCto80254 ASA does not send Anyconnect profile when Radius pushes profile CSCto81636 IPv6 traffic not updated after neighbor changes CSCto83156 ASA Sequence of ACL changes when changing host IP of object network CSCto89607 ASA sends invalid XML when tunnel-group name contains & CSCtq07658 ASA: Traceback in ci/console on Standby unit CSCtq08208 ISAKMP dropped after boot if ASA doesn't have IP address while booting CSCtq10654 Threat-detecton stats showing incorrect output CSCtq12037 WebVPN : bytes lost in ftp uploading using IE via smart tunnel CSCtq13070 VPN-Filter Not Applied When AC Initiated Through Weblaunch CSCtq21535 ASA traceback when connecting with Android L2TP/IPsec client CSCtq27530 Java RDP plugin doesn't work with sslv3 on ASAs CSCtq28561 asa 8.4, failover , ospf routing can not update rightly. CSCtq30094 CSD scan happens for SSL VPN when connecting via group alias CSCtq40553 Unable to remove trustpoint - ERROR: The trustpoint appears to be in use CSCtq42954 ASA calculates ACL hash inorrectly CSCtq45177 ASA 8.4.1 : 1550 byte block depletion w/ alloc_pc 0x8553ab8 CSCtq46808 ASA rebooted unit always become active on failover setup CSCtq50523 Using non-ASCII chars in interf desc makes the ASA reload with no config CSCtq52342 OWA 2007 via WebVPN Sessions fail to get notifications of new emails CSCtq57642 Cannot point IPv6 route to a link-local that matches other intf CSCtq60450 Degraded Xlate Teardown Performance CSCtq62572 Webvpn/mus memory leak observed in 22.214.171.124 CSCtq65479 IKEv2 - ASA does not send intermediate certs for server cert CSCtq67230 IKEv2 DPD is sent at an interval not correlating to the specified value CSCtq70326 Interface "description" command allows for more than 200 characters. CSCtq73340 After the interface IP is changed, ASA does not allow UDP 500 to new IP CSCtq79834 ASA traceback due to dcerpc inspection. CSCtq84759 ASA wont take "ip audit info action alarm" under "crypto ca" subcommand CSCtq90084 ASA traceback in thread Dispatch Unit CSCtq96332 ASA 5505 logs "INVALID_NICNUM" messages to console CSCtr00315 Active SSH connection orphaned if 'clear config all' is run CSCtr03856 Failure to migrate named interfaces in ctx to 8.4 bridge group syntax CSCtr12176 L2L - IPSEC Backup- Peer list is not rotated/cycled with dual failure CSCtr12333 Webvpn portal contents disappear once bookmark user-storage is enabled CSCtr14920 lightview based Modal Elements do not work with webvpn CSCtr16184 To-the-box traffic fails from hosts over vpn after upgrade to 8.4.2 CSCtr23914 ASA: Certificate renewal from same CA breaks SSLVPN CSCtr26724 ASA threat detection does not show multicast sender IP in statistics CSCtr27000 ASA fails to send Radius attribute 8 framed IP address for IKEv2 CSCtr33228 Traceback in Dispatch Unit when replicating xlates to standby CSCtr36022 Java AJAX session does not work over SSLVPN CSCtr39013 ASA - panic traceback when issuing show route interface_name CSCtr44913 ASA 5580 traceback with DATAPATH-2-1024 thread CSCtr47517 ASA - Reload in Thread Name: PIM IPv4 CSCtr50413 Clientless webvpn remove forward slash in POST Request-URI CSCtr55374 ASA: asr-group in TFW A/A FO doesn't rewrite dst MAC for IP fragments CSCtr62720 conns are not fully replicated to standby if config has many ACLs CSCtr63071 5585 735XXX syslogs reporting wrong id CSCtr63101 5585 show environment power output unclear CSCtr65241 connections are not replicated to standby unit CSCtr65785 Enabling AC Essentials should logoff webvpn sess automatically CSCtr69771 backslash in username for ftp over webvpn changed to semi-colon CSCtr74940 Active ASA traceback Thread: DATAPATH-3-1290, rip spin_lock_get_actual CSCtr74983 ASA LDAP support for searching with value range retrieval CSCtr83349 ASA logs "INVALID_NICNUM" messages to console CSCtr96686 Java RDP plugin traceback when using empty user in URL to Win2008 server CSCsg26647 CS: undebug all command doesn't disable debug crypto ca server Download of this new ASA5500 Series Software is available subject to a Cisco Software License.