
what does the bug mean?

p.kodzis
Level 1

hello,

what is the meaning of that bug?

===

CSCdx35082 - When the CSS detects a mid-NAT reject, the RST (reset) going back to the client has a sequence number of 0.

===

At the moment I use CSS 11005 with app v 5.00.

I have two layers of CSSs:

- one I use for load balancing over a few SSL servers

- the second I use for firewall load balancing

so my topology looks like:

SSL

SSL---CSS11005_B-----PIX-----CSS11005_A-----router_IOS----Internet

... PIX

SSL

only router_IOS has a public IP address, all other IPs are private

on the router_IOS there is a static NAT for VIP from CSS11005_B

CSS11005_A is used only for firewall load balancing and there is no NAT

PIXs do not make a NAT - only route

CSS11005_B gives VIP for SSL cluster, so there is a NAT

All has worked fine for over a year, but from time to time I receive information for my support department that there is a client who cannot use our SSL.

It is always the same situation: the client uses some kind of address translation at his point of Internet connection; behind his NAT he cannot use my SSL; if he connects directly to the Internet all works fine.

I am wondering, is it possible to tune something on my side to fix that kind of problem?

regards


lisa.hall
Level 2

I am not sure if there is something to tune or not but according to the following release notes, that bug is fixed in v.5.20. You may need to get with Cisco to see if there is a workaround.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_release_note09186a00800e03a6.html