Cisco Bug: CSCtf07474 - TCP over IPsec session is failed after EZVPN session up and disconnected

Last Modified

Jan 30, 2017

Products (1)

  • Cisco IOS

Known Affected Releases

15.0(1)XA

Description (partial)

Symptoms: TCP sessions fail to establish between two routers over an IPSEC VPN
 tunnel after an EZVPN client session to the two routers has been established
 and torn down. The TCP sessions can be Telnet or H.323 sessions that
 originate and terminate on the two routers. Logs show:
 
 %FW-6-DROP_PKT: Dropping tcp session 192.168.10.1:58553 192.168.20.1:23  due to  Invalid Segment with ip ident 35331 tcpflags 0x5010 seq.no 2978402186 ack 1370657297
 
 Conditions: The symptom is observed under the following conditions:
 
 - Two routers are set up with an IPSEC point-to-point VPN.
 - Cisco IOS Release 15.0(1)XA or later is in use.
 - Both routers are set up as EZVPN servers.
 - An EZVPN session has been established to one of the routers and has been
 disconnected.
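
To check collected syslog for this symptom, the drop message above can be parsed and counted per router pair. This is an added example, not part of the Cisco bug record; it assumes the tcpflags value is the 16-bit data-offset/flags word of the TCP header, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Sample input: line 1 is the message quoted in the bug description;
# lines 2 and 3 are constructed for this example.
SAMPLE_LOG = """\
%FW-6-DROP_PKT: Dropping tcp session 192.168.10.1:58553 192.168.20.1:23  due to  Invalid Segment with ip ident 35331 tcpflags 0x5010 seq.no 2978402186 ack 1370657297
%FW-6-DROP_PKT: Dropping tcp session 192.168.10.1:58554 192.168.20.1:1720  due to  Invalid Segment with ip ident 35340 tcpflags 0x5018 seq.no 100 ack 200
%SYS-5-CONFIG_I: Configured from console by console
"""

DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) session\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"due to\s+(?P<reason>.+?)\s+with ip ident (?P<ident>\d+)"
    r"(?:\s+tcpflags (?P<flags>0x[0-9a-fA-F]+)"
    r"\s+seq\.no (?P<seq>\d+)\s+ack (?P<ack>\d+))?"
)
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_tcpflags(value):
    """Assumption: value is TCP header bytes 12-13 (data offset + flags)."""
    header_len = (value >> 12) * 4          # data offset is in 32-bit words
    return header_len, [name for bit, name in FLAG_BITS if value & bit]

def parse_drop(line):
    """Return a dict for one %FW-6-DROP_PKT line, or None for other lines."""
    m = DROP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "ident", "seq", "ack"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    if rec["flags"]:
        rec["header_len"], rec["flag_names"] = decode_tcpflags(int(rec["flags"], 16))
    return rec

def invalid_segment_pairs(log_text):
    """Count 'Invalid Segment' TCP drops per (source, destination) address pair."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_drop(line)
        if rec and rec["proto"] == "tcp" and rec["reason"] == "Invalid Segment":
            counts[(rec["src"], rec["dst"])] += 1
    return counts

if __name__ == "__main__":
    for pair, n in invalid_segment_pairs(SAMPLE_LOG).items():
        print(pair, n)
```

A rising count for the two tunnel endpoints after an EZVPN client disconnect matches the symptom described here.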