Cisco Bug: CSCtd68547 - GETVPN: ASR1k does handle differently local deny policies

Last Modified

Mar 09, 2018

Products (13)

  • Cisco IOS
  • Cisco 7301 Router
  • Cisco 7206 Router
  • Cisco 7206VXR Router
  • Cisco 7204 Router
  • Cisco 7202 Router
  • Cisco 7600 Series Route Switch Processor 720 with Multilayer Switch Feature Card
  • Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks
  • Cisco 7600 Series Supervisor Engine 32 with Multilayer Switch Feature Card
  • Cisco 7200 Series NPE-G2 Network Processing Engine

Known Affected Releases

12.2(33)XND2 12.2(33)XNE 15.1(1)S 15.1(3)S2

Description (partial)

Symptom:

10.10.10.0/24[ClearText - LAN ]----ASR1k====GETVPN encrypted WAN=====GM 10.10.11.0/24[clear text - LAN]

Flows between 10.10.10.0/24 and 10.10.11.0/24 are supposed to pass in clear text because of a local deny policy (shown under Conditions below).

However, the ASR1k drops these flows.

Conditions:

access-list 199 deny ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255

crypto map map-group1 10 gdoi
 set group group1
 match address 199