Cisco Bug: CSCtf07474 - TCP over IPsec session is failed after EZVPN session up and disconnected
Jan 30, 2017
- Cisco IOS
Known Affected Releases
Symptoms: TCP sessions fail to establish between two routers over an IPsec VPN tunnel after an EZVPN client session to the two routers has been established and torn down. The TCP sessions can be Telnet or H.323 sessions that originate and terminate on the two routers.

Logs show:

%FW-6-DROP_PKT: Dropping tcp session 192.168.10.1:58553 192.168.20.1:23 due to Invalid Segment with ip ident 35331 tcpflags 0x5010 seq.no 2978402186 ack 1370657297

Conditions: The symptom is observed under the following conditions:
- Two routers are set up with an IPsec point-to-point VPN.
- Cisco IOS Release 15.0(1)XA or later is in use.
- Both routers are set up as EZVPN servers.
- An EZVPN session has been established to one of the routers and has been disconnected.
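An added example, not part of the Cisco bug text: a Python parser for the %FW-6-DROP_PKT line quoted above that counts "Invalid Segment" drops between the two tunnel peers, which is how this symptom shows up in collected syslog. It assumes the tcpflags value is the 16-bit TCP header word (data offset plus flag bits) and that 192.168.10.1 and 192.168.20.1 are the two routers; every sample line except the first is constructed.

```python
import re
from collections import Counter

# Field layout taken from the %FW-6-DROP_PKT line quoted in the bug text.
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) session "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"due to (?P<reason>.+?) with ip ident (?P<ident>\d+)"
    r"(?: tcpflags (?P<flags>0x[0-9a-fA-F]+) seq\.no (?P<seq>\d+) ack (?P<ack>\d+))?")
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_tcpflags(value):
    """Assumption: value is the 16-bit TCP header word (data offset + flags)."""
    word = int(value, 16)
    names = [name for bit, name in FLAG_BITS if word & bit]
    return (word >> 12) * 4, names  # (header length in bytes, flag names)

def parse_drop(line):
    """Return a dict of fields for a DROP_PKT line, or None for other lines."""
    m = DROP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "ident"):
        rec[key] = int(rec[key])
    if rec["flags"]:
        rec["header_len"], rec["flag_names"] = decode_tcpflags(rec["flags"])
    return rec

def invalid_segment_pairs(lines, peers):
    """Count 'Invalid Segment' drops whose source and destination are both peers."""
    hits = Counter()
    for rec in filter(None, map(parse_drop, lines)):
        if (rec["reason"] == "Invalid Segment"
                and rec["src"] in peers and rec["dst"] in peers):
            hits[(rec["src"], rec["dst"], rec["dport"])] += 1
    return hits

# Assumption: these are the two routers' addresses, as in the quoted log line.
PEERS = {"192.168.10.1", "192.168.20.1"}
SAMPLE = [
    # Line quoted in the bug text.
    "%FW-6-DROP_PKT: Dropping tcp session 192.168.10.1:58553 192.168.20.1:23 due to Invalid Segment with ip ident 35331 tcpflags 0x5010 seq.no 2978402186 ack 1370657297",
    # Constructed lines: reverse direction, a non-peer source, an unrelated message.
    "%FW-6-DROP_PKT: Dropping tcp session 192.168.20.1:40112 192.168.10.1:23 due to Invalid Segment with ip ident 1200 tcpflags 0x5010 seq.no 100 ack 200",
    "%FW-6-DROP_PKT: Dropping tcp session 10.0.0.5:51000 192.168.20.1:23 due to Invalid Segment with ip ident 77 tcpflags 0x5010 seq.no 1 ack 2",
    "%SYS-5-CONFIG_I: Configured from console by console",
]
```

Calling `invalid_segment_pairs(SAMPLE, PEERS)` returns one count per (source, destination, destination port) tuple, so drops in both directions between the routers are reported separately.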