BugZero | Cisco BugID CSCwf26771 - Invalid L4 Header drop due to multiple encap

Cisco - Defect ID: CSCwf26771

Invalid L4 Header drop due to multiple encap

Cisco - Defect ID: CSCwf26771

Invalid L4 Header drop due to multiple encap

Last updated on 5/8/2025

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 7.87.8

Severity: 8.28.2

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Transit TCP packet drops at ZBFW due to Invalid L4 Header. Error in logs: %FW-6-DROP_PKT: Dropping tcp pkt from Tunnel1100 :646 => :34793(target:class)-(none:none) due to Invalid L4 header with ip ident 2399 tcp flag 0x0, seq 4126168512, ack 3361546304

Conditions

Multiple levels of encapsulation terminating at router with ZBFW. Types of encapsulation can include Q-in-Q and IPsec.

Workaround

Remove Q-in-Q and/or IPsec encryption.

Further Problem Description

Router# show platform hardware qfp active statistics drop detail 188 FirewallL4 116741 11676254 << Drops Increment

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwf26771

Invalid L4 Header drop due to multiple encap

Cisco - Defect ID: CSCwf26771

Invalid L4 Header drop due to multiple encap

Last updated on 5/8/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?