Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE TCP connection timeout


our customer has a problem with correct closing TCP connections on the ACE. TCP session (HTTP protocol) is closed _correctly_ (we can see it in the sniffer output), but 'sh conn' on the ACE shows it as 'established' (session is already closed). TCP timeout is set to default (60min).

Any new connection from the same src port (because many connection to the service) is closed after TCP session is established.

When I try generate 200 concurrent sessions TCP sessions in my lab, this are on the ACE closed correctly. Customer's traffic is around 20-30.000 concurrent session, but I can't generate so much traffic.

SW version on the ACE: 3.0(0)A1(3b)




Cisco Employee

Re: ACE TCP connection timeout

I know there is a ddts about this but just can't locate it right now.

Your customer MUST upgrade to A1.5

got it :


tcp conns are not closing properly causing new syns to drop silently


New Member

Re: ACE TCP connection timeout

Thanks Gilles!

The problem occurs only with traffic from WAP nodes (too many short HTTP requests).

We try it upgrade to A1(5b), but I'm not sure, if this is our problem...

Bug description:


With L7 LB configuration, Some times connections do not close.


SYN sent to Real server may result in ACK coming from server. ACE TCP module was not handling this ACK correctly.

...but our traffic is only L4 LB and we have a problem with connection state on the ACE from both sides (client and server). on the client and server side is connection closed properly, but on the ACE module ('sh conn') we can see it in 'established' state. It's closed after TCP timeout and that is not correct.


Cisco Employee

Re: ACE TCP connection timeout

if you see the same problem in A1(5) you'll need to capture a trace, the 'show conn det' showing the status of the connection.

Also from the 'show conn' you should get the NP id [1 or 2] and the connection id.

Then issue the command 'show np [1|2] me-stat "-c "'

Do it for both side of the connection.

Then open a service request and send all your data.

We'll need to review all this and if necessary create a new bug to fix your problem.



New Member

Re: ACE TCP connection timeout

after upgrade... the same situation. problem was solved with enabling 'normalization' (normalization was turned off on client side interface).

description about this is post to this forum, subject 'ACE with 'no normalization' - bug or feature?', jul 24, 2007.


CreatePlease login to create content