Cisco Bug: CSCtf07474 - TCP over IPsec session is failed after EZVPN session up and disconnected

Last Modified

Jan 30, 2017

Products (1)

  • Cisco IOS

Known Affected Releases


Description (partial)

Symptoms: TCP sessions fail to establish between two routers over an IPsec VPN tunnel after an EZVPN client session to the two routers has been established and torn down. The TCP sessions could be Telnet or H.323 sessions that terminate and originate between the two routers. Logs show:

 %FW-6-DROP_PKT: Dropping tcp session  due to
  Invalid Segment with ip ident 35331 tcpflags 0x5010 2978402186 ack

Conditions: The symptom is observed under the following conditions:
 - Two routers are set up with an IPsec point-to-point VPN.
 - Cisco IOS Release 15.0(1)XA or later is in use.
 - Both routers are set up as EZVPN servers.
 - An EZVPN session has been established to one of the routers and has been