Cisco Cisco Catalyst 6500 Series Firewall Services Module
32
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.0(x)
Resolved Caveats
Resolved Caveats in Software Release 4.0(2)
•
CSCsm69869
When an outside NAT rule is configured on the FWSM and NAT control is enabled, inbound traffic
not matching that rule is being silently dropped.
not matching that rule is being silently dropped.
Workaround: There are two options for getting around this. If possible, disable NAT control by
entering the no nat-control command. If there are a limited number of networks on the outside
coming in, a static outside NAT rule can be configured for those specific networks. For example:
entering the no nat-control command. If there are a limited number of networks on the outside
coming in, a static outside NAT rule can be configured for those specific networks. For example:
static (outside,inside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
•
CSCso22765
FWSM gives an error and discards the configuration when overlapping static commands are
configured. For example:
configured. For example:
static (inside,outside) tcp 192.168.1.100 www 192.168.2.100 www netmask
255.255.255.255
CSCsr40940
FWSM snmp responses indicate flapping links
CSCsr40970
Strict HTTP inspection - problems with out-of-order packets from server
CSCsr42914
Overlapping address for nat and pat should show proper errors
CSCsr45802
FWSM fails over when compiling ACLs if CPU also busy inspecting traffic
CSCsr46459
Crash in Thread name dhcp_daemon related to DHCP relay
CSCsr47554
AAA Authentication request packet for 'show running-config' corrupted
CSCsr48265
3.2.7.3: http login does not reprompt on empty passwd if virtual telnet
CSCsr50360
Capture not working properly when same capture used for 2 interfaces
CSCsr55698
Capture not removed with 'no capture' when multiple cap. on same intf.
CSCsr60110
3.2.7.4: 'clear-conn' cannot be removed by 'no' statement
CSCsr60593
FWSM: May crash in Thread Name: accept/http
CSCsr62662
FWSM may crash during 'fsck disk:' operations
CSCsr67375
FWSM crashes in accept/http when deploying 'nat (0) 0 20.2.1.1' from CSM
CSCsr69909
snmp-map attached to inspect getting deleted with clear conf
CSCsr71168
Traceback: Crash in Thread Name: Route cache
CSCsr75501
FOVER:Standby MAC addr is improperly registered as Active MAC on Primary
CSCsr83441
Crash in manual mode (ACL optimization enabled) when deleting a rule
CSCsr83767
Clear route permanently removes static routes from the NP 3
CSCsr84424
Inter-context traffic on shared vlan fails starting in version 4.0
CSCsr93090
High CPU on FWSM due to AAA accounting/authentication
CSCsr93323
FWSM 4.0: Crash at ssh_receive
CSCsr93953
FWSM doesn't inspect the 3way hand shake for FTP data channel
CSCsr94374
DNS Responses Destined to Port UDP/53 are Blocked
Table 14
Resolved Caveats in Release 4.0(3) (continued)
Caveat ID
Description