Cisco Bug: CSCte15439 - ACE 4710 - L4 w/ Norm forwards ACK Lost Seg with wrong ACK/Seq number
Feb 22, 2014
- Cisco ACE 4700 Series Application Control Engine Appliances
Known Affected Releases
Symptom: When the ACE 4710 performs L4 load-balancing and uses NAT/PAT, it may reuse a SRC port more quickly than the Rserver can clear that port from its TIME-WAIT state. When this occurs, the ACE 4710 sends a new SYN request and the Rserver may respond with an ACK Lost Segment containing the wrong ACK/Sequence number. In its default state (with Normalization enabled), the ACE 4710 should drop the ACK Lost Segment, but instead it forwards it to the originating client, which RSTs the TCP connection.

Conditions: ACE 4710 performing L4 load-balancing with NAT/PAT. The ACE 4710 reuses SRC ports and the Rserver responds with an ACK Lost Segment containing the wrong ACK/Sequence number.
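The sequence described in the symptom can be spotted in a capture taken between the load balancer and the Rserver. The following is an added example, not Cisco code: it flags any reply to a fresh SYN whose acknowledgment number is not ISN+1 (the RFC 793 SYN-SENT acceptability rule, assumed here to be what Normalization should enforce) and reports how soon after the previous close the SRC port was reused. The addresses, ports, sequence numbers and the `Pkt` record layout are constructed for illustration.

```python
from collections import namedtuple

# Constructed record: ts in ms, src/dst as "ip:port", flags as TCP flag letters.
Pkt = namedtuple("Pkt", "ts src dst flags seq ack")

def find_unacceptable_replies(packets):
    """Flag replies to a fresh SYN whose ACK number is not ISN+1."""
    last_fin = {}   # endpoint pair -> time of the last FIN seen on it
    pending = {}    # (initiator, responder) -> (ISN, time) of an unanswered SYN
    findings = []
    for p in packets:
        if "F" in p.flags:
            last_fin[frozenset((p.src, p.dst))] = p.ts
        if p.flags == "S":
            pending[(p.src, p.dst)] = (p.seq, p.ts)
            continue
        flow = (p.dst, p.src)   # a reply travels responder -> initiator
        if flow in pending and "A" in p.flags:
            isn, syn_ts = pending.pop(flow)
            expected = (isn + 1) % 2**32
            if p.ack != expected:
                closed = last_fin.get(frozenset(flow))
                findings.append({
                    "ts": p.ts, "flow": flow, "flags": p.flags,
                    "expected_ack": expected, "seen_ack": p.ack,
                    "reuse_gap_ms": None if closed is None else syn_ts - closed,
                })
    return findings

LB, RS = "10.0.0.1:1025", "10.0.0.10:80"   # constructed NAT/PAT source and Rserver
TRACE = [
    Pkt(0,    LB, RS, "S",  1000,   0),
    Pkt(10,   RS, LB, "SA", 5000,   1001),
    Pkt(20,   LB, RS, "A",  1001,   5001),
    Pkt(1000, RS, LB, "FA", 5001,   1001),   # Rserver closes first -> TIME-WAIT
    Pkt(1010, LB, RS, "FA", 1001,   5002),
    Pkt(1020, RS, LB, "A",  5002,   1002),
    Pkt(3000, LB, RS, "S",  900000, 0),      # same SRC port reused
    Pkt(3010, RS, LB, "A",  5002,   1002),   # ACK from the old connection
]

if __name__ == "__main__":
    for f in find_unacceptable_replies(TRACE):
        print(f)
```

A small `reuse_gap_ms` on a flagged reply indicates the port was reused while the Rserver was still likely to hold the old connection in TIME-WAIT.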