Cisco Bug: CSCsz22256 - ASA disconnects IPSec VPN client at P2 rekey with vlan mapping in grppol

Last Modified

Feb 16, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.0(4.23)

Description (partial)

Symptom:

VLAN mapping for VPN users on the group-policy fails after an IPSec P2 rekey.

Conditions:

When the IKE phase lifetime is set to one hour on the ASA and VLAN mapping is configured, the VPN session is dropped at the time phase 2 rekeys.
Packets are dropped by the ASA and the following message is logged:

 %ASA-6-730002: Group <UserVPN> User <test> IP <10.100.192.10> VLAN Mapping to VLAN <190> failed.

If no VLAN mapping is configured under the group-policy the rekey succeeds and the session does not terminate.
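
An added triage example (not Cisco's code and not part of this bug record): it parses the 730002 message quoted above out of syslog lines and flags users whose failures repeat at about the one-hour rekey interval. The BSD-style timestamp prefix, the hostname `asa1`, the function names, and the premise that an affected user reconnects shortly after each drop are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message layout taken from the 730002 line quoted in this bug record.
MSG = re.compile(
    r"%ASA-6-730002: Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> "
    r"IP <(?P<ip>[^>]*)> VLAN Mapping to VLAN <(?P<vlan>\d+)> failed")
# Assumption: lines begin with a BSD syslog timestamp such as "Feb 16 09:00:05".
STAMP = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})")

def parse_failures(lines, year=2018):
    """Return one dict per 730002 line: time, group, user, ip, vlan."""
    events = []
    for line in lines:
        m, t = MSG.search(line), STAMP.match(line)
        if m and t:
            ts = datetime.strptime(f"{year} {t.group(1)}", "%Y %b %d %H:%M:%S")
            events.append({"time": ts, **m.groupdict()})
    return events

def rekey_pattern(events, lifetime_s=3600, tolerance_s=120):
    """Map (group, user, vlan) to the number of gaps between consecutive
    failures that fall within tolerance_s of the rekey lifetime."""
    seen = defaultdict(list)
    for e in events:
        seen[(e["group"], e["user"], e["vlan"])].append(e["time"])
    hits = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        near = sum(1 for g in gaps if abs(g - lifetime_s) <= tolerance_s)
        if near:
            hits[key] = near
    return hits

PFX = "asa1 %ASA-6-730002: Group <UserVPN> User "
SAMPLE = [  # constructed lines, not captured from a device
    "Feb 16 09:00:05 " + PFX + "<test> IP <10.100.192.10> VLAN Mapping to VLAN <190> failed.",
    "Feb 16 09:12:40 " + PFX + "<alice> IP <10.100.192.11> VLAN Mapping to VLAN <190> failed.",
    "Feb 16 10:00:47 " + PFX + "<test> IP <10.100.192.10> VLAN Mapping to VLAN <190> failed.",
    "Feb 16 10:01:00 asa1 constructed unrelated line",
    "Feb 16 11:01:20 " + PFX + "<test> IP <10.100.192.10> VLAN Mapping to VLAN <190> failed.",
]

if __name__ == "__main__":
    for key, n in rekey_pattern(parse_failures(SAMPLE)).items():
        print(key, "failures one rekey interval apart:", n)
```

A user who appears here with repeated hits is a candidate for this bug; a single isolated 730002 line does not by itself tie the failure to a rekey.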