Cisco Bug: CSCtd51609 - ACE-Module SNAT doesn't make FTP data traffic forward correctly

Last Modified

Feb 04, 2017

Products (1)

  • Cisco ACE Application Control Engine Module

Known Affected Releases

3.0(0)A1(2.16)

Description (partial)

Symptom:

When source NAT and inspect ftp are configured, the ACE module changes source port 20 of the FTP data connection.

/// FTP data session ///

                    vlan100     vlan200
 | FTP client | --------- | ACE | --------- | FTP Serv |
  10.0.1.1                                 10.2.0.1
                                10.0.2.1

 dst: 10.0.1.1:1252/TCP   <<-----   dst: 10.0.2.1:3509/TCP
 src: 10.2.0.1:1025/TCP             src: 10.2.0.1:20/TCP
               ^^^^^<<<---!!!                     ^^^<<<---!!!
Conditions:

Source NAT is configured with the PAT option.