Preview Tool

Cisco Bug: CSCte15439 - ACE 4710 - L4 w/ Norm forwards ACK Lost Seg with wrong ACK/Seq number

Last Modified

Feb 22, 2014

Products (1)

  • Cisco ACE 4700 Series Application Control Engine Appliances

Known Affected Releases


Description (partial)

 When ACE 4710 is performing L4 load-balancing and utilizes NAT/PAT,  the ACE 4710 may reuse a SRC port quicker than the Rserver can clear it from its TIME-WAIT state.   When this occurs, the ACE 4710 sends a new SYN request and  the Rserver may respond with an ACK Lost Segment containing the wrong ACK/Sequence number.  The ACE 4710 in its default state (with Normalization enabled), should drop the ACK Lost Segment  but instead it forwards it to the originating client which RSTs the TCP connection.

ACE 4710 performing L4 load-balancing with NAT/PAT. ACE 4710 reuses SRC ports and Rserver responds with ACK Lost Segment containing the wrong ACK/Sequence number.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.