Cisco Cisco Catalyst 6500 Series Firewall Services Module
24
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.0(x)
Resolved Caveats
Resolved Caveats in Software Release 4.0(6)
•
CSCsu01658
If you configure an access list allowing TFTP and attach it to a capture command configured on an
interface, then for a TFTP file transfer, the capture output shows that the transfer is happening to an
incorrect port on the client. Also, the size of the transferred file is not shown properly.
interface, then for a TFTP file transfer, the capture output shows that the transfer is happening to an
incorrect port on the client. Also, the size of the transferred file is not shown properly.
Workaround: None.
•
CSCsx63737
When the Auto Update Server has an action such as a replace or merge, it does not receive the Next
poll message. In the output of the show auto-update command, “Next poll” information is missing
even after waiting for more than 3 minutes.
poll message. In the output of the show auto-update command, “Next poll” information is missing
even after waiting for more than 3 minutes.
Workaround: None.
•
CSCsx64037
When you configure the logging ftp-bufferwrap command, the FTP process might stop working
after a period of normal operation. This happens when the FTP server is not able to open the data
connection during the active FTP transfer. The FWSM FTP process will sit idle indefinitely.
after a period of normal operation. This happens when the FTP server is not able to open the data
connection during the active FTP transfer. The FWSM FTP process will sit idle indefinitely.
Workaround: Reload the FWSM, or enter the logging host command instead of logging
ftp-bufferwrap.
ftp-bufferwrap.
•
CSCsy09769
If you configure a policy static NAT statement with an access-list with the protocol of icmp and an
icmp-type of echo, then when you ping through the FWSM, a static xlate is not created.
icmp-type of echo, then when you ping through the FWSM, a static xlate is not created.
For example:
Inside PC (10.2.1.1) ------FWSM------Outside PC (10.1.1.65)
access-list test permit icmp host 10.2.1.1 any echo
access-list test permit icmp host 10.2.1.1 any echo-reply
static (inside,outside) 10.1.1.68 access-list test
Then when you ping from 10.2.1.1 to 10.1.1.65, a static xlate is not created.
Workaround: Add an ACE without the ICMP type specified.
•
CSCsy42935
CSCta13098
FWSM sends TCP RST with wrong ACK nbr
CSCta06559
Inspect SIP shows error “portmap_index: unable to locate fixup”
CSCsv22070
Logging to the console causes syslogs to be rate-limited.
CSCsz79758
H.323/NAT-Setup msg with SupportedFeatures extensions malformed after NAT
CSCsz75402
TCP checksum errors after failover for new connections.
CSCsz68425
Transparent FWSM not Sync'ing Valid CAM Table Entries to Failover Peer
CSCsz66958
FWSM should send gratuitous ARP if new Primary inserted in failover
CSCsz66760
snmp-server enable traps command appears in the standby FWSM
CSCta10823
In certain case ACE limit reached error is not appearing in Manual mode
Table 10
Resolved Caveats in Release 4.0(7) (continued)
Caveat ID
Description