Cisco Bug: CSCvs78252 - ASA/Lina Offloaded TCP flows interrupted if TCP sequence number randomizer is enabled and SACK used

Last Modified

Sep 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

  • 9.13(1)
  • 9.14(0.104)

Description (partial)

Symptom:
Interruption or slowness of TCP traffic going through FTD on FPR9300/4100 when the SACK option is used and the flow is dynamically or statically offloaded. Examples include SCP file transfers (which time out and throw a "broken pipe" error message) and sftunnel traffic going through the FTD dataplane (especially deployment).

Conditions:
All three conditions have to be met:
- TCP SACK option used
- TCP sequence number randomization enabled
- flow is dynamically or statically offloaded to hardware