BugZero | Cisco BugID CSCwa35200 - Some syslogs for AnyConnect SSL are generated in a...

Cisco - Defect ID: CSCwa35200

Some syslogs for AnyConnect SSL are generated in admin context instead of user context

Cisco - Defect ID: CSCwa35200

Some syslogs for AnyConnect SSL are generated in admin context instead of user context

Last updated on 2/26/2025

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 4.64.6

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Some syslogs for AnyConnect SSL are wrongly generated in the admin context. Example: There is admin and user1 context. After establishing AnyConnect SSL session to the user1 context IP, the following Syslog messages are being generated by the admin context: Dec 01 2021 13:22:38: %ASA-5-722033: Group User IP First TCP SVC connection established for SVC session. Dec 01 2021 13:22:38: %ASA-6-722022: Group User IP TCP SVC connection established without compression Dec 01 2021 13:32:35: %ASA-4-722037: Group User IP SVC closing connection: User Requested. Dec 01 2021 13:32:35: %ASA-6-722023: Group User IP TCP SVC connection terminated without compression Other messages are generated correctly by user1 context: Dec 01 2021 13:22:37: %ASA-6-113039: Group User IP AnyConnect parent session started. Dec 01 2021 13:22:38: %ASA-4-722041: TunnelGroup GroupPolicy User IP No IPv6 address available for SVC connection Dec 01 2021 13:22:38: %ASA-6-722055: Group User IP Client Type: Cisco AnyConnect VPN Agent for Windows 4.9.04053 Dec 01 2021 13:22:38: %ASA-4-722051: Group User IP IPv4 Address IPv6 address assigned to session Dec 01 2021 13:22:38: %ASA-6-716002: Group User IP WebVPN session terminated: User Requested. Dec 01 2021 13:22:38: %ASA-4-113019: Group = repro, Username = admin, IP = x.x.x.x, Session disconnected. Session Type: AnyConnect-Parent, Duration: 0h:00m:00s, Bytes xmt: 3336, Bytes rcv: 0, Reason: User Requested Dec 01 2021 13:22:38: %ASA-6-737016: IPAA: Session=0x00017000, Freeing local pool pool1 address x.x.x.x Dec 01 2021 13:22:38: %ASA-6-725007: SSL session with client outside:x.x.x.x/49506 to x.x.x.x/443 terminated

Conditions

ASA is deployed in Multicontext mode. Logging is configured under admin and user context. AnyConnect session is being established to the user context.

Workaround

Not available.

Further Problem Description

This issue doesn't affect functionality and it's related only to the logging.

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwa35200

Some syslogs for AnyConnect SSL are generated in admin context instead of user context

Cisco - Defect ID: CSCwa35200

Some syslogs for AnyConnect SSL are generated in admin context instead of user context

Last updated on 2/26/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?