[c-nsp] ACE & load-balancing of DNS / ALG / inspection
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 24 10:31:57 EDT 2009
> So, it seems to be some kind of analogous feature to TCP SYN protect or
> such like, to protect a client flooding a server.
All,
Cisco have identified this as a bug, fixed in 1.5 - CSCsw52831 /
CSCsu42225 "udp packets are dropped by ace". It's a timing-related issue
in session setup.
Many thanks to the guys at TAC, who were extremely quick and effective
on this, and thanks to all who gave suggestions on the list.
More information about the cisco-nsp
mailing list