Cisco Bug: CSCtf18166 - Handling IPsec classification of egress fragmented packet
Feb 22, 2017
- Cisco ASR 1000 Series Aggregation Services Routers
Known Affected Releases
<B>Symptom:</B> Some fragmented TCP/UDP traffic may not be encrypted or may be encrypted with the wrong key. <B>Conditions:</B> When the crypto policy is specified such that the IP source and destination addresses and IP protocol are easily matched, and with L4 port information, the fragments which do not have L4 information (for example, the non-first fragment) may be wrongly matched to outgoing encryption policy. The fragments may go clear or may be encrypted using wrong key.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases