Cisco Bug: CSCuq91793 - ASA: RST packet forwarded with non-zero ACK number (and ACK flag clear)
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: ASA forwards RST packet with non-zero ACK number and ACK flag cleared. If there is another ASA along the path of this connection, it will drop this RST packet and not clear the connection. In very specific circumstances (when host initiates another connection and reuses the same ports), the new connection won't be established and the host will receive PSH ACK packet in response to SYN packet. Conditions: 2 ASAs in path of a connection, RST packet sent immediately after standard connection termination.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases