
Cisco Bug: CSCsg37315 - IOS FW on VPN tunnels fail on 12.4(11)T on 87x and 18xx platforms

Last Modified

Mar 23, 2015

Products (38)

  • Cisco IOS
  • Cisco VG224 Analog Voice Gateway
  • Cisco 1803 Integrated Services Router
  • Cisco Catalyst 6500 Series Communication Media Module
  • Cisco AS5400XM Universal Gateway
  • Cisco 878 Integrated Services Router
  • Cisco 1812 Integrated Services Router
  • Cisco 7206 Router
  • Cisco 7301 Router
  • Cisco AS5350XM Universal Gateway

Known Affected Releases

12.4(11)T 12.4(11)T1 12.4(4)T3

Description (partial)

If CBAC is configured in conjunction with VPN tunnels, TCP connections 
through the firewall might fail.

CBAC ignores the SYN/ACK packets coming from the IPsec tunnel and then 
drops all outbound TCP packets except the initial SYN, generating the message 
"Invalid Segment tcp". 

Outbound TCP connections to the Internet (not over the IPsec tunnel) are not affected 
and work fine with CBAC.

VPN tunnels must be configured on the router in conjunction with CBAC.