Cisco Bug: CSCvv74083 - UDP PAT xlates are not getting removed, causing PAT pool exhaustion

Last Modified

Oct 07, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.8(4.7)

Description (partial)

Symptom:
PAT pool exhaustion causing network outage

Conditions:
+ ASA version 9.8(4)7
+ Stale UDP PAT xlate entries not getting cleared.
UDP PAT from any:10.73.6.18/56889 to any:124.157.84.238/56889 flags ri idle 122:02:56 timeout 0:00:30 refcnt 8 xlate id 0x7fce6a440940
UDP PAT from any:10.73.6.18/55910 to any:124.157.84.238/55910 flags ri idle 99:57:46 timeout 0:00:30 refcnt 12 xlate id 0x7fce6a442340
UDP PAT from any:10.73.6.18/50314 to any:124.157.84.238/50314 flags ri idle 69:20:39 timeout 0:00:30 refcnt 16 xlate id 0x7fce6a430640
UDP PAT from any:10.73.6.18/56344 to any:124.157.84.238/56344 flags ri idle 35:52:58 timeout 0:00:30 refcnt 16 xlate id 0x7fce6a43e540
UDP PAT from any:10.73.6.18/65097 to any:124.157.84.238/65097 flags ri idle 9:19:10 timeout 0:00:30 refcnt 2 xlate id 0x7fce6a435a40
UDP PAT from any:10.73.6.18/55707 to any:124.157.84.238/55707 flags ri idle 123:14:04 timeout 0:00:30 refcnt 2 xlate id 0x7fce6a436440
UDP PAT from any:10.73.6.18/55706 to any:124.157.84.238/55706 flags ri idle 123:14:04 timeout 0:00:30 refcnt 2 xlate id 0x7fce6a435c40
+ Connections for these xlates do not exist.
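
One way to check a saved xlate listing for this condition is to flag every PAT entry whose idle time exceeds its own timeout. This is an added example, not Cisco code: the regex follows the line format shown above, while the function names, the `grace` parameter and the rule that a timeout of `0:00:00` means "never ages out" are assumptions.

```python
import re
from collections import Counter

# Matches the xlate line format shown in the bug description above.
XLATE_RE = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP) PAT from (?P<real>\S+) to (?P<mapped>\S+) "
    r"flags (?P<flags>\S+) idle (?P<idle>\d+:\d{2}:\d{2}) "
    r"timeout (?P<timeout>\d+:\d{2}:\d{2})"
)

def to_seconds(hms):
    """Convert H:MM:SS (hours may exceed 24) to seconds."""
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s

def find_stale(text, grace=60):
    """Return PAT entries idle longer than timeout + grace, oldest first."""
    stale = []
    for line in text.splitlines():
        m = XLATE_RE.match(line.strip())
        if not m:
            continue  # not a PAT xlate line
        idle, timeout = to_seconds(m["idle"]), to_seconds(m["timeout"])
        if timeout == 0:
            continue  # assumption: zero timeout means the entry never ages out
        if idle > timeout + grace:
            stale.append({"proto": m["proto"], "real": m["real"],
                          "mapped": m["mapped"], "idle_s": idle,
                          "timeout_s": timeout})
    return sorted(stale, key=lambda e: e["idle_s"], reverse=True)

def stale_per_mapped_ip(stale):
    """Count stale entries per mapped address to show pool consumption."""
    return Counter(e["mapped"].split(":", 1)[1].rsplit("/", 1)[0] for e in stale)

# First two lines are from the bug description; the third is constructed
# (healthy entry, RFC 5737 source address) to show a non-match.
SAMPLE = "\n".join([
    "UDP PAT from any:10.73.6.18/56889 to any:124.157.84.238/56889 flags ri idle 122:02:56 timeout 0:00:30 refcnt 8 xlate id 0x7fce6a440940",
    "UDP PAT from any:10.73.6.18/65097 to any:124.157.84.238/65097 flags ri idle 9:19:10 timeout 0:00:30 refcnt 2 xlate id 0x7fce6a435a40",
    "UDP PAT from any:192.0.2.10/40000 to any:124.157.84.238/40000 flags ri idle 0:00:12 timeout 0:00:30 refcnt 1 xlate id 0x0",
])

if __name__ == "__main__":
    hits = find_stale(SAMPLE)
    for e in hits:
        print(f'{e["proto"]} {e["real"]} -> {e["mapped"]} idle {e["idle_s"]}s (timeout {e["timeout_s"]}s)')
    print(dict(stale_per_mapped_ip(hits)))
```

A steadily growing count for one mapped address across successive captures is the signal that the pool is heading toward exhaustion.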