Cisco Bug: CSCuj14001 - ASA corrupts FTP packets

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(2)

Description (partial)

Symptom:
++ all upload/download FTP traffic that crosses the firewall is affected;
++ newly created context 'admin2' works without an issue;

++ issue is unreproducible; active FTP; ASA5585 8.4.2 multi context;
++ in all failed scenarios 1380 bytes of data come in, but 1379 bytes go out;
++ the pattern I've noted is that a ZeroWindow Probe of 1 byte is sent before the failure occurs;

  +capout0:   194 31.903326  202.0.146.161 64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
  +capvl0:    247 30.549615  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl0:    249 30.582984  10.23.31.1    64.103.25.233 FTP-DATA 1438    FTP Data: 1380 bytes

  +capout1:   214 29.283667  202.0.146.161 64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
  +capvl1:    257 27.246010  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl1:    259 27.283835  10.23.31.1    64.103.25.233 FTP-DATA 1438    [TCP Window Full] FTP Data: 1380 bytes

  +capout2:   1625 42.409738  202.0.146.161 64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
  +capvl2:    2551 41.770895  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl2:    2553 42.408426  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl2:    2555 42.409449  10.23.31.1    64.103.25.233 FTP-DATA 1438    FTP Data: 1380 bytes

  +capout3:   4110 66.109995  202.0.146.161 64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
  +capvl3:    6660 65.468030  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl3:    6662 66.108408  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl3:    6664 66.109690  10.23.31.1    64.103.25.233 FTP-DATA 1438    FTP Data: 1380 bytes

  +capout5:   456 31.461759  202.0.146.161  64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
  +capvl5:    678 31.078915  10.23.31.1     64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
  +capvl5:    680 31.090373  10.23.31.1     64.103.25.233 FTP-DATA 1438    FTP Data: 1380 bytes

Conditions:
++ only FTP traffic is affected
++ in all conditions, except with TCP state bypass
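
One way to check paired capture summaries for the pattern described in the symptom (an added example, not Cisco's code or part of the bug record). It assumes `capvl<N>` is the ingress capture and `capout<N>` the egress capture of the same transfer, and that data segments appear in the same order on both sides; the function names and capture pair 9 are constructed for illustration.

```python
import re
from collections import defaultdict

# Pairs 1 and 2 are copied from the listing above; pair 9 is a constructed healthy transfer.
SAMPLE = """
+capout1:   214 29.283667  202.0.146.161 64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
+capvl1:    257 27.246010  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
+capvl1:    259 27.283835  10.23.31.1    64.103.25.233 FTP-DATA 1438    [TCP Window Full] FTP Data: 1380 bytes
+capout2:   1625 42.409738  202.0.146.161 64.103.25.233 FTP-DATA 1433   FTP Data: 1379 bytes
+capvl2:    2551 41.770895  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
+capvl2:    2553 42.408426  10.23.31.1    64.103.25.233 FTP-DATA 59     [TCP ZeroWindowProbe] FTP Data: 1 bytes
+capvl2:    2555 42.409449  10.23.31.1    64.103.25.233 FTP-DATA 1438    FTP Data: 1380 bytes
+capout9:   12 5.000100  198.51.100.20 192.0.2.10 FTP-DATA 1434   FTP Data: 1380 bytes
+capvl9:    11 5.000050  10.0.0.5      192.0.2.10 FTP-DATA 1438    FTP Data: 1380 bytes
"""

# capture name, pair number, frame number, optional [TCP ...] flag, payload size
LINE = re.compile(
    r"\+(capout|capvl)(\d+):\s+(\d+)\s+[\d.]+\s+\S+\s+\S+\s+FTP-DATA\s+\d+\s+"
    r"(\[[^\]]+\]\s*)?FTP Data:\s+(\d+) bytes")

def parse(text):
    """Group summary lines by pair number: {n: {"capvl": [...], "capout": [...]}}."""
    pairs = defaultdict(lambda: {"capvl": [], "capout": []})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if m:
            side, n, frame, flag, size = m.groups()
            pairs[int(n)][side].append((int(frame), flag or "", int(size)))
    return pairs

def find_short_segments(text):
    """Return (pair, probes_seen, bytes_in, bytes_out) where egress payload < ingress payload."""
    findings = []
    for n, caps in sorted(parse(text).items()):
        probes = sum(1 for _, flag, _ in caps["capvl"] if "ZeroWindowProbe" in flag)
        # Compare payload sizes, not frame lengths: header overhead differs between captures.
        data_in = [s for _, flag, s in caps["capvl"] if "ZeroWindowProbe" not in flag]
        data_out = [s for _, _, s in caps["capout"]]
        for b_in, b_out in zip(data_in, data_out):
            if b_out < b_in:
                findings.append((n, probes, b_in, b_out))
    return findings

if __name__ == "__main__":
    for n, probes, b_in, b_out in find_short_segments(SAMPLE):
        print(f"pair {n}: {probes} ZeroWindowProbe(s), {b_in} bytes in, {b_out} out")
```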