Guest

Preview Tool

Cisco Bug: CSCuq91793 - ASA: RST packet forwarded with non-zero ACK number (and ACK flag clear)

Last Modified

Jun 05, 2017

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(4)

Description (partial)

Symptom:
ASA forwards RST packet with non-zero ACK number and ACK flag cleared.
If there is another ASA along the path of this connection, it will drop this RST packet and not clear the connection.
In very specific circumstances (when host initiates another connection and reuses the same ports), the new connection won't be established and the host will receive PSH ACK packet in response to SYN packet.

Conditions:
2 ASAs in path of a connection, RST packet sent immediately after standard connection termination.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.