Cisco Bug: CSCte91198 - ACE module fails to translate FTP active data ports when natting.
Feb 06, 2017
- Cisco ACE Application Control Engine Module
Known Affected Releases
Symptom: ACE module configured for ftp inspection and nat. In routed mode. Swhen a server behind the ace acting as an ftp client makes a connection to a server outside the ace, the active data channel fails. What is observed is that while the control channel messages are properly fixed up with ftp inspection, when the server opens the data channel with a syn to the natted port, the ace sends this syn along to the client it translates the ip but does not translate the port. Conditions: ace in routed mode with ftp inspection and dynamic nat.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases