Cisco Bug: CSCuo23917 - IPS in inline mode generates ACK for signed TCP streams

Last Modified

Aug 10, 2016

Products (17)

  • Cisco IPS 4200 Series Sensors
  • Cisco ASA 5555-X IPS Security Services Processor
  • Cisco IPS 4255 Sensor
  • Cisco IPS 4260 Sensor
  • Cisco IPS 4345 Sensor
  • Cisco IPS 4270-20 Sensor
  • Cisco IPS 4520 Sensor
  • Cisco ASA 5545-X IPS Security Services Processor
  • Cisco ASA 5525-X IPS Security Services Processor
  • Cisco IPS 4510 Sensor

Known Affected Releases

7.0(1) 7.1(7)E4

Description (partial)

Symptom:
The BGP neighbor generates the following error message:

Apr 10 01:49:56.184 PDT: %TCP-6-BADAUTH: No MD5 digest from A.B.C.D(179) to W.X.Y.Z(51582) 
Apr 10 02:54:21.139 PDT: %TCP-6-BADAUTH: No MD5 digest from A.B.C.D(179) to W.X.Y.Z(51582)

when MD5 authentication is configured and the IPS is inspecting the traffic in inline mode.

Conditions:
IPS running on version 7.1.7(E4) in inline mode with signature S755.

BGP neighbors configured for MD5 authentication and IPS inspecting the BGP traffic passing between them.

The BGP neighbor generates the following error message:

Apr 10 01:49:56.184 PDT: %TCP-6-BADAUTH: No MD5 digest from A.B.C.D(179) to W.X.Y.Z(51582) 
Apr 10 02:54:21.139 PDT: %TCP-6-BADAUTH: No MD5 digest from A.B.C.D(179) to W.X.Y.Z(51582)

when there is a retransmission of BGP packets through the IPS.
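
A triage sketch for the symptom above, added here as an example and not taken from Cisco: it parses %TCP-6-BADAUTH lines in the format shown and lists BGP peer pairs that repeatedly receive segments with no MD5 option. The sample addresses, the function names and the threshold are assumptions; the "Invalid MD5 digest" variant of the message does not appear on this page and is included only to show the contrast with a key mismatch.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the format shown above; addresses are
# RFC 5737 documentation placeholders, not values from the bug report.
SAMPLE_LOG = """\
Apr 10 01:49:56.184 PDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.1(179) to 198.51.100.2(51582)
Apr 10 02:54:21.139 PDT: %TCP-6-BADAUTH: No MD5 digest from 192.0.2.1(179) to 198.51.100.2(51582)
Apr 10 03:10:02.500 PDT: %TCP-6-BADAUTH: Invalid MD5 digest from 203.0.113.9(40211) to 198.51.100.2(179)
Apr 10 03:11:00.000 PDT: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
"""

BADAUTH_RE = re.compile(
    r"%TCP-6-BADAUTH: (?P<kind>No|Invalid) MD5 digest from "
    r"(?P<src>[\w.:]+)\((?P<sport>\d+)\) to (?P<dst>[\w.:]+)\((?P<dport>\d+)\)"
)
BGP_PORT = 179

def parse_badauth(text):
    """Return one dict per %TCP-6-BADAUTH line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BADAUTH_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
            events.append(ev)
    return events

def summarize(events):
    """Count events on BGP sessions per (src, dst, kind)."""
    # "No": the segment carried no MD5 option, consistent with an unsigned
    # segment generated in the path. "Invalid": an option was present but
    # the digest did not verify, which points at a key mismatch instead.
    counts = Counter()
    for ev in events:
        if BGP_PORT in (ev["sport"], ev["dport"]):
            counts[(ev["src"], ev["dst"], ev["kind"])] += 1
    return counts

def unsigned_segment_sessions(events, threshold=2):
    """Peer pairs with at least `threshold` 'No MD5 digest' events."""
    return sorted(
        (src, dst) for (src, dst, kind), n in summarize(events).items()
        if kind == "No" and n >= threshold
    )
```

Running `unsigned_segment_sessions(parse_badauth(log_text))` over a router's log narrows the review to sessions that match the "No MD5 digest" symptom before checking whether an inline IPS sits on that path.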