Guest

Preview Tool

Cisco Bug: CSCvu10306 - ENH - FTD/ASA to support sending logs for the three way hadshake packets .

Last Modified

May 20, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.14(1.5)

Description (partial)

Symptom:
++ Currently, we have syslog IDs for connection establishments and termination

%ASA-6-302013: Built {inbound|outbound} TCP connection_id for interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] to interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] [(user)]
%ASA-6-302014: Teardown TCP connection id for interface :real-address /real-port [(idfw_user )] to interface :real-address /real-port [(idfw_user )] duration hh:mm:ss bytes bytes [reason [from teardown-initiator]] [(user )]

++ We need IDs to track the connection flags [SYN, SYN-ACK and ACK] for the connections establishment in order to track it .

Expected message ID :
%ASA-6-123456 Received SYN connection_id for interface:real-address/real-port to interface:real-address/real-port
%ASA-6-123457 Received SYN-ACK connection_id for interface:real-address/real-port to interface:real-address/real-port
%ASA-6-123457 Received ACK connection_id for interface:real-address/real-port to interface:real-address/real-port

Conditions:
++ Logging enabled on ASA/FTD
++ Running affected version .
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.