Cisco Cisco ASA 5585-X Adaptive Security Appliance
4
Release Notes for the Cisco ASA Device Package Software, Version 1.2(5.21) for ACI
Important Notes
Related Documentation
For more information about the features and benefits of Cisco TrustSec and Cisco ASA Device Package
Software for ACI, see:
Software for ACI, see:
•
Important Notes
Pay attention to the following important notes:
•
The ASAv does not support multiple context mode.
•
ACE with dynamic EPG requires ASA image 9.3.2 or later.
APIC 1.2(x) and ASA 9.3(1)
If you are running APIC 1.2(x) with ASA 9.3(1), which has a default SSL configuration, you will see
the following error:
the following error:
*Major script error : Connection error : [SSL:SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert
handshake failure(_ssl.c:581)*
The workaround is to have ssl encryption aes128-sha1 configured on the ASA, or to upgrade the ASA
to version 9.3(2) or later.
to version 9.3(2) or later.
The Policy Manager Lock Ups when the Configuration for BGP
Peering for the Service Appliance is Incomplete
Peering for the Service Appliance is Incomplete
Symptom
The Policy Manager crashes when the l3Out that is used for BGP peering for the service
appliance has an incomplete configuration (CSCuw03425).
Conditions
The l3Out used for BGP peering for the service appliance is missing l3extRsNodeL3OutAtt.
Workaround
Make sure that the l3Out contains l3extRsNodeL3OutAtt. This problem will be fixed in a
subsequent release.
The following shows the BGP XML example with l3extRsNodeL3OutAtt:
<polUni>
<fvTenant name="tenant1">
<l3extOut name="StaticExternal">
<l3extLNodeP name="bLeaf-101">
<l3extRsNodeL3OutAtt tDn="topology/pod-1/node-101" rtrId="190.0.0.11">
<ipRouteP ip="50.50.50.0/24">
<ipNexthopP nhAddr="40.40.40.102/32"/>