Cisco Bug: CSCtd36473 - IPsec: Outbound context may be deleted prematurely

Last Modified

Mar 06, 2018

Products (2)

  • Cisco ASA 5500-X Series Firewalls
  • Cisco ASA 5580 Adaptive Security Appliance

Known Affected Releases

8.0, 8.2(2)

Description (partial)

Outbound encryption traffic in an IPsec tunnel may fail, even if inbound decryption traffic is working.
This issue has been observed on an IPsec connection after multiple rekeys, but the trigger condition is not clear. To confirm the issue, check the output of "show asp drop" and verify that the Expired VPN context counter increases for each outbound packet sent.
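The counter check described above can be automated by comparing two "show asp drop" snapshots taken before and after sending a known number of packets into the tunnel. This is an added example, not Cisco's code: the counter-line layout, the reason identifiers in the sample, and the names `check_expired_context`, `probes_sent` and `snapshot` are assumptions, and the sample output is constructed.

```python
import re

# Layout assumed for a counter line: "  <description> (<reason-id>)   <count>"
COUNTER = re.compile(r"^\s+(?P<desc>.+?)\s+\((?P<id>[\w-]+)\)\s+(?P<count>\d+)\s*$")
TARGET = ("Frame drop", "Expired VPN context")


def parse_asp_drop(text):
    """Return {(section, description): count} from 'show asp drop' text."""
    counters, section = {}, None
    for line in text.splitlines():
        if line.rstrip().endswith("drop:"):      # "Frame drop:" / "Flow drop:"
            section = line.strip().rstrip(":")
        elif section and (m := COUNTER.match(line)):
            counters[(section, m["desc"])] = int(m["count"])
    return counters


def check_expired_context(before, after, probes_sent):
    """Compare two snapshots taken around probes_sent outbound tunnel packets."""
    b = parse_asp_drop(before).get(TARGET, 0)    # unlisted counter read as zero
    a = parse_asp_drop(after).get(TARGET, 0)
    delta = a - b
    if delta < 0:
        return ("inconclusive", delta)           # counters cleared or unit reloaded
    if delta == 0:
        return ("not-observed", 0)
    if delta >= probes_sent:
        return ("consistent", delta)             # at least one drop per outbound packet
    return ("partial", delta)                    # some drops; repeat the test


def snapshot(expired):
    """Build a constructed sample; not output captured from a real device."""
    rows = [("Flow is denied by configured rule", "acl-drop", 412)]
    if expired:
        rows.append(("Expired VPN context", "vpn-context-expired", expired))
    body = "\n".join(f"  {d} ({i}){c:>12}" for d, i, c in rows)
    tail = f"Flow drop:\n  Inspection failure (inspect-fail){2:>12}\n"
    return f"Frame drop:\n{body}\n\nLast clearing: Never\n\n{tail}"


if __name__ == "__main__":
    print(check_expired_context(snapshot(37), snapshot(137), probes_sent=100))
```

A "consistent" result only matches the symptom described here; other traffic dropped for the same reason between the snapshots also raises the counter.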

Related Community Discussions

One subnet of L2L VPN stops working periodically
I have two Cisco ASA 5520s running software version 8.2(2) set up in an HA pair. The L2L VPN is set up and works as expected between this site and another. The issue is that every few months, one subnet of the VPN, the same one all the time, stops forwarding/receiving traffic. The device in the remote location is not a Cisco device, but I am certain the issue lies with the ASA, as when I fail over to the slave device the VPN works again; failing back again, however, stays with the subnet still not passing ...
Latest activity: Jun 17, 2011