Preview Tool

Cisco Bug: CSCtb58882 - GETVPN: KS doesn't send ANN message if clear cry gdoi issued on GM

Last Modified

Sep 18, 2015

Products (1)

  • Cisco IOS

Known Affected Releases

12.4(24.6)PI11 15.0(1)M

Description (partial)

When a GM is registering to the secondary KS, if a <CmdBold>clear crypto gdoi<CmdBold> is issued on the GM before the registration is complete, the secondary doesn't send an ANN message to the primary KS.

In unicast rekey mode, the primary will not find out about the GM that registered to the secondary KS and will not send rekey messages to it. The primary KS will find out about the GM at the next ANN message but until that happens, the GM will keep registering to the secondary KS.

In multicast rekey, there is no effect on the system because the GM registered to the secondary KS will continue to receive rekeys.

The problem with the GM re-registering is only seen in unicast rekey mode.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.