Cisco Bug: CSCte81860 - TCP reset action does not reset connection

Last Modified

Nov 09, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

100.4(0.51), 8.2(1)

Description (partial)

In TFW (transparent firewall) mode, the IPS TCP reset action does not reset the connection as expected, because the reset packet(s) never reach the attacker or the target.
The ASA is configured for transparent mode, with signature 3401.1 enabled and TCP reset as one of its actions. The signature fires and the alert reports that resets were sent, but no reset packets arrive at the attacker or target Linux machine, and the connection is not reset.
The IPS reset action works correctly in routed mode; the problem is seen only in transparent mode.
Root cause: in TFW mode, both the source and destination MAC addresses of the RST packet are not populated and are left as all zeros.
The MAC addresses in the packet buffer (bp) are refilled in routed mode, but not in TFW mode.
When the client receives a RST packet with an empty MAC address, the flow is not torn down.

The ASA is running in transparent mode.
IPS is configured, and when an IPS action is triggered to reset the flow, the flow is not correctly reset.
Note: all earlier versions, such as 7.x and 8.0.x, have this problem as well.
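The root cause above is a malformed Ethernet header on the IPS-generated RST, which is easy to confirm from a packet capture taken on the ASA's interfaces or a SPAN port. The following Python is an added example, not part of the Cisco bug report or of ASA code: it parses raw Ethernet II / IPv4 / TCP frames and reports every TCP RST whose source or destination MAC is 00:00:00:00:00:00. The sample frames, MAC addresses and IP addresses are constructed inline and are assumptions, not data from the bug.

```python
"""Added example (not from CSCte81860 or Cisco code): flag TCP RST frames whose
Ethernet source or destination MAC is all zeros, the transparent-mode symptom."""
import struct

ZERO_MAC = b"\x00" * 6
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_RST = 0x04
TCP_ACK = 0x10


def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in s.split(":"))


def ip4(s):
    """'10.1.1.5' -> 4 raw bytes."""
    return bytes(int(x) for x in s.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal Ethernet II / IPv4 / TCP frame (constructed test data).
    IP and TCP checksums are left at zero because the parser never verifies them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     IPPROTO_TCP, 0, ip4(src_ip), ip4(dst_ip))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


def parse_frame(frame):
    """Pull out the Ethernet, IPv4 and TCP fields this check needs.
    Returns None for anything that is not IPv4/TCP."""
    if len(frame) < 34:
        return None
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 14:
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[0:4])
    return {
        "src_mac": src_mac,
        "dst_mac": dst_mac,
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "sport": sport,
        "dport": dport,
        "flags": tcp[13],  # byte 13 of the TCP header holds the flag bits
    }


def find_bad_resets(frames):
    """Return one (flow, zeroed_fields) tuple per TCP RST whose Ethernet source or
    destination MAC is 00:00:00:00:00:00.  A unicast frame addressed to the all-zero
    MAC matches no host interface address, so it is never handed to that host's TCP
    stack and the connection survives, which is what the bug describes."""
    findings = []
    for frame in frames:
        p = parse_frame(frame)
        if p is None or not (p["flags"] & TCP_RST):
            continue
        zeroed = [name for name in ("src_mac", "dst_mac") if p[name] == ZERO_MAC]
        if zeroed:
            flow = f"{p['src_ip']}:{p['sport']}->{p['dst_ip']}:{p['dport']}"
            findings.append((flow, zeroed))
    return findings


# Constructed sample frames (assumed addresses, not a real capture).  The first is
# a well-formed RST as the routed-mode ASA would emit it; the second is the
# transparent-mode symptom, a RST with both MACs zeroed; the third is an ordinary
# ACK and is ignored by the check.
SAMPLE_FRAMES = [
    build_frame("00:1b:54:aa:bb:cc", "00:50:56:11:22:33",
                "10.1.1.5", "10.1.1.10", 80, 40000, TCP_RST | TCP_ACK),
    build_frame("00:00:00:00:00:00", "00:00:00:00:00:00",
                "10.1.1.5", "10.1.1.10", 80, 40001, TCP_RST | TCP_ACK),
    build_frame("00:50:56:11:22:33", "00:1b:54:aa:bb:cc",
                "10.1.1.10", "10.1.1.5", 40001, 80, TCP_ACK),
]

if __name__ == "__main__":
    for flow, zeroed in find_bad_resets(SAMPLE_FRAMES):
        print(f"RST for {flow} has zeroed {', '.join(zeroed)}")
```

To run this against a real capture, read the frames from a pcap taken with link-layer headers intact (for example `tcpdump -e -n 'tcp[tcpflags] & tcp-rst != 0'` on the target host shows the MACs directly) and pass the raw frame bytes to `find_bad_resets`. A capture taken on the target host in non-promiscuous mode will not show the zero-MAC frames at all, which is consistent with the report that no resets appear there.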