ASA and FTD Software: Network Address Translation Might Become Disabled – Software Upgrade Recommended

CSCvz33468

ASA Code: 9.12.4 through 9.16.2

FTD Code: 6.4.0 through 7.0.1.1

NAT stops translating source addresses after changes to object-groups in the manual NAT Rule

Problem Description

For some versions of Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, Network Address Translation (NAT) might become disabled after the object-groups in the NAT rule settings are changed.

Background

Cisco ASA and FTD software might not complete the layer 3 (L3) header of an updated source or destination address in the manual NAT rule that references the object-group with an updated nested object