Cisco Bug: CSCte81860 - TCP reset action does not reset connection
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Symptom: In transparent firewall (TFW) mode, the IPS TCP reset action does not reset the connection as expected, because the reset packet(s) never reach the attacker or target. The ASA is configured for transparent mode, signature 3401.1 is enabled with TCP reset as one of its actions. The signature fires and the alert reports that resets were sent, but no reset packets arrive at the attacker or target Linux machine, and the connection is not reset. The IPS action works correctly in routed mode; the problem is only seen in transparent mode.

Root cause: In TFW mode, neither the source nor the destination MAC address of the RST packet is populated correctly; both are all zeros. The MAC addresses in the buffer are refilled in routed mode, but not in TFW mode. When the client receives an RST packet with empty MAC addresses, the flow is not torn down.

Conditions: The ASA is running in transparent mode, IPS is configured, and an IPS action is triggered to reset a flow; the flow is then not correctly reset.

Note: All earlier versions, such as 7.x and 8.0.x, have this problem.
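To confirm the symptom described above on the attacker or target host, a defender can scan the frames seen on the wire for TCP RST segments whose Ethernet source or destination MAC is all zeros. The following parser is an added example, not Cisco's code; the sample frames are constructed inline rather than taken from a real capture.

```python
"""Flag TCP RST segments carrying an all-zero source or destination MAC,
the on-the-wire symptom of the transparent-mode reset bug described above."""
import struct

ETH_LEN = 14
TCP_RST = 0x04
ZERO_MAC = b"\x00" * 6

def parse_frame(frame: bytes):
    """Return (src_mac, dst_mac, src_ip, dst_ip, tcp_flags), or None if not IPv4/TCP."""
    if len(frame) < ETH_LEN + 20:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    if ethertype != 0x0800:            # IPv4 only
        return None
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ip[9] != 6 or len(ip) < ihl + 14:   # protocol 6 = TCP; need the flags byte
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    flags = ip[ihl + 13]               # TCP flags byte sits at offset 13 of the TCP header
    return src_mac, dst_mac, src_ip, dst_ip, flags

def find_zero_mac_resets(frames):
    """Return (index, src_ip, dst_ip) for every RST whose src or dst MAC is zeroed."""
    findings = []
    for i, frame in enumerate(frames):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_mac, dst_mac, src_ip, dst_ip, flags = parsed
        if flags & TCP_RST and (src_mac == ZERO_MAC or dst_mac == ZERO_MAC):
            findings.append((i, src_ip, dst_ip))
    return findings

def build_frame(src_mac, dst_mac, src_ip, dst_ip, flags):
    """Constructed minimal Ethernet/IPv4/TCP frame for testing (checksums left zero)."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 0, 0, 5 << 4, flags, 0, 0, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip_hdr + tcp

CLIENT_MAC, SERVER_MAC = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb"
SAMPLE = [  # constructed frames: normal data segment, buggy RST, well-formed RST
    build_frame(CLIENT_MAC, SERVER_MAC, "10.0.0.5", "10.0.0.9", 0x18),
    build_frame(ZERO_MAC, ZERO_MAC, "10.0.0.9", "10.0.0.5", 0x14),
    build_frame(SERVER_MAC, CLIENT_MAC, "10.0.0.9", "10.0.0.5", 0x04),
]
```

Only the second frame is reported: a reset is present but, with both MACs zeroed, the receiving host will not tear down the flow. In practice the frames would come from a packet capture taken on the attacker or target host.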