Guest

Preview Tool

Cisco Bug: CSCte91198 - ACE module fails to translate FTP active data ports when natting.

Last Modified

Feb 06, 2017

Products (1)

  • Cisco ACE Application Control Engine Module

Known Affected Releases

3.0(0)A2(2.2.3)

Description (partial)

Symptom: ACE module configured for ftp inspection and nat. In routed mode. Swhen a server behind the ace acting as an ftp client makes a connection to a server outside the ace, the active data channel fails. What is observed is that while the control channel messages are properly fixed up with ftp inspection, when the server opens the data channel with a syn to the natted port, the ace sends this syn along to the client it translates the ip but does not translate the port.

Conditions: ace in routed mode with ftp inspection and dynamic nat.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.