Guest

Preview Tool

Cisco Bug: CSCtb36521 - PKI get stuck in pager when requesting to fetch SCEP capabilites

Last Modified

Feb 15, 2018

Products (16)

  • Cisco IOS
  • Cisco Products
  • Cisco Catalyst 6500 Series Virtual Switching Supervisor Engine 720 with 10GE uplinks
  • Cisco Catalyst 6500 Series Supervisor Engine 2
  • Cisco Catalyst 6500 Supervisor Engine 32 PISA
  • Cisco 7600 Series Supervisor Engine 2 with Multilayer Switch Feature Card
  • Cisco Catalyst 6000 Series Multilayer Switch Feature Card 3 (MSFC3)
  • Cisco Catalyst 6000 Multilayer Switch Feature Card MSFC2
  • Cisco Catalyst 6513 Switch
  • Cisco Catalyst 6500 Series Supervisor Engine 32 / MSFC2A
View all products in Bug Search Tool Login Required

Known Affected Releases

12.2(33)SXH4

Description (partial)

Symptoms: A Cisco Catalyst 6500 may stop processing IKE traffic, which 
 results in IPSec tunnels not working. Under extreme circumstances, system IO 
 memory might become completely depleted, at which point all traffic 
 processing will stop.
 
 Conditions: This symptom is observed on a Cisco Catalyst 6500 with a VPN-SPA 
 module running a Cisco IOS SXH image when PKI infrastructure is used to 
 authenticate IKE peers. The certificate in use must contain a CDP that uses 
 HTTP protocol to retrieve the CRL. Revocation-check must be configured to 
 fetch the CRL using the <CmdBold>revocation-check
<noCmdBold> <CmdArg>crl<noCmdArg> or <CmdBold>revocation-check
<noCmdBold> <CmdArg>crl none<noCmdArg> command.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.