BugZero | Cisco BugID CSCvw55744 - When NAT Sampling timeout is configured, TCP trans...

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCvw55744 - When NAT Sampling timeout is configured, TCP trans...

Cisco - Defect ID: CSCvw55744

When NAT Sampling timeout is configured, TCP translation timeout never takes effect

Cisco - Defect ID: CSCvw55744

When NAT Sampling timeout is configured, TCP translation timeout never takes effect

Last updated on February 8th, 2024

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

When NAT sampling timeout and TCP timeout are both configured, the TCP timeout is ignored. After the sampling timeout expires, the general NAT translation timeout counts down, and the entry is aged out without the TCP timeout ever triggering. TCP/UDP timeouts are not honored when set to default values. # show run all ip nat translation tcp-timeout 3600 ip nat translation udp-timeout 3600 If you re-configure TCP/UDP timeout to different value than default (3600 s) then problem is not seen and configured timeouts are honored. # show run all ip nat translation tcp-timeout 3000 ip nat translation udp-timeout 2500

Conditions

This issue affects TCP dynamic NAT translations on Nexus 3548 and 3524 switches running 9.3(6) or lower code.

Workaround

- configure TCP/UDP timeouts to different value than default one. After that, values should be honored. - configure higher sampling-timeout value to make up for the missing TCP timeout value

Further Problem Description

Change history

2024-02-08 Added: 9.3(6)

Top Cisco Defects

9.7Defect ID: CSCvq56135
C9200 stack member switches reset with reset reason as stack merge
9.7Defect ID: CSCwc94466
Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
9.7Defect ID: CSCvg76186
Cisco Smart Install Remote Code Execution and Denial of Service Vulnerability
9.7Defect ID: CSCul39674
Fabric link retrain between typhoon and RSP440 (RX)
9.7Defect ID: CSCvx32806
Access Points stuck in bootloop due to image checksum verification failed

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvw55744

When NAT Sampling timeout is configured, TCP translation timeout never takes effect

Cisco - Defect ID: CSCvw55744

When NAT Sampling timeout is configured, TCP translation timeout never takes effect

Last updated on February 8th, 2024

BugZero Risk Score6.1 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.1 Medium