Cisco Bug: CSCsz22256 - ASA disconnects IPSec VPN client at P2 rekey with vlan mapping in grppol
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: VLAN mapping for VPN users on the group-policy fails after a IPSec P2 rekey Conditions: In case where IKE phase lifetime is set to one hour on the ASA and at the time phase 2 will rekey the VPN session is dropped and the message is logged if VLAN mapping is configured. packets are droped by the ASA with the following messages logged: %ASA-6-730002: Group <UserVPN> User <test> IP <10.100.192.10> VLAN Mapping to VLAN <190> failed. If no VLAN mapping is configured under the group-policy the rekey succeeds and the session does not terminate.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases