Cisco Bug: CSCvt75639 - DOC: No ARP table lookup for self-originated TCP RESET packets
Jul 12, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
9.12(3) 9.6(4) 9.8(4)
Symptom:
When the ASA/FTD generates a TCP packet with the RESET bit set in order to reset a connection that is denied by the stateful inspection engine, the destination MAC address of this packet is not determined by an ARP table lookup. Instead, it is taken directly from the source MAC address of the packets (connections) that are being denied.

Conditions:
- ASA/FTD sends RST for denied connections. This is generally controlled by the 'service resetinbound' or 'service resetoutbound' commands.
- ARP table contains an entry for IP a.b.c.d with MAC A, but the firewall receives packets from IP a.b.c.d with MAC B.
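
An added example, not part of the Cisco bug record: a Python check that flags the condition described above, where a denied packet's source MAC (MAC B) differs from the ARP entry (MAC A) for the same IP, so the RST's destination MAC would not match the ARP table. The `show arp`-style text and the denied-packet tuples are constructed samples, the assumed line layout is interface, IP, MAC, age, and the function names are hypothetical.

```python
import re

# Constructed sample, assumed layout per line: interface, IP, MAC, age.
SHOW_ARP = """\
    inside 192.0.2.10 0011.2233.4455 12
    inside 192.0.2.20 0011.2233.6677 40
    outside 198.51.100.1 00aa.bbcc.dd01 3
"""

# Constructed observations of denied TCP packets:
# (ingress interface, source IP, source MAC), e.g. taken from a capture.
DENIED_FRAMES = [
    ("inside", "192.0.2.10", "00:11:22:33:44:55"),  # matches the ARP entry
    ("inside", "192.0.2.20", "00:de:ad:be:ef:01"),  # MAC B differs from MAC A
    ("inside", "192.0.2.30", "00:11:22:33:88:99"),  # no ARP entry for this IP
]

def norm_mac(mac):
    """Normalize common MAC notations to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Return {(interface, ip): mac} from the ARP table text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            table[(fields[0], fields[1])] = norm_mac(fields[2])
    return table

def rst_mac_mismatches(arp_text, frames):
    """List flows where the RST destination MAC (copied from the denied
    packet's source MAC) differs from the ARP entry for the same IP."""
    arp = parse_arp(arp_text)
    findings = []
    for ifc, ip, src_mac in frames:
        arp_mac = arp.get((ifc, ip))
        rst_dst = norm_mac(src_mac)
        if arp_mac is not None and arp_mac != rst_dst:
            findings.append({"interface": ifc, "ip": ip,
                             "arp_mac": arp_mac, "rst_dst_mac": rst_dst})
    return findings

if __name__ == "__main__":
    for finding in rst_mac_mismatches(SHOW_ARP, DENIED_FRAMES):
        print(finding)
```

Only IPs that have an ARP entry are reported, since the condition in the bug record requires an existing entry with a different MAC.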