Cisco Bug: CSCtf18166 - Handling IPsec classification of egress fragmented packet

Last Modified

Sep 23, 2017

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases


Description (partial)

Some fragmented TCP/UDP traffic may not be encrypted or may be encrypted with the wrong key.

When the crypto policy is specified so that the IP source and destination addresses and IP
protocol are easily matched, and it also includes L4 port information, fragments that do not
carry L4 information (for example, non-first fragments) may be wrongly matched to the outgoing
encryption policy. Such fragments may be sent in the clear or may be encrypted using the wrong key.
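
The following is an added example, not Cisco code and not the fix for this bug. It models an egress policy lookup with L4 port selectors, shows both outcomes described above for a fragment that carries no L4 header, and contrasts them with stateful fragment tracking, which is assumed here as one possible mitigation. The addresses, ports, SA names and the HOLD result are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int             # 17 = UDP
    ip_id: int             # IP Identification, shared by all fragments of a datagram
    frag_offset: int       # 0 for the first fragment
    dport: Optional[int]   # None when this fragment carries no L4 header

# Constructed policy; SA names and addresses are hypothetical.
POLICY = [
    {"src": "10.0.0.1", "dst": "10.0.1.1", "proto": 17, "dport": 5000, "sa": "SA-A"},
    {"src": "10.0.0.1", "dst": "10.0.1.1", "proto": 17, "dport": 6000, "sa": "SA-B"},
]

def l3_match(rule, pkt):
    return (rule["src"], rule["dst"], rule["proto"]) == (pkt.src, pkt.dst, pkt.proto)

def naive_classify(pkt, missing_port_is_wildcard=True):
    """Per-packet lookup that never looks at fragment state (the flawed model)."""
    for rule in POLICY:
        if not l3_match(rule, pkt):
            continue
        if pkt.dport == rule["dport"] or (pkt.dport is None and missing_port_is_wildcard):
            return rule["sa"]
    return "CLEAR"

class StatefulClassifier:
    """Non-first fragments inherit the decision made for the first fragment."""
    def __init__(self):
        self.decisions = {}   # (src, dst, proto, ip_id) -> SA; needs expiry in real use

    def classify(self, pkt):
        key = (pkt.src, pkt.dst, pkt.proto, pkt.ip_id)
        if pkt.frag_offset == 0:
            self.decisions[key] = naive_classify(pkt, missing_port_is_wildcard=False)
            return self.decisions[key]
        # No decision recorded yet (fragment arrived early): hold it, never guess.
        return self.decisions.get(key, "HOLD")

# Constructed datagram to port 6000, split into two fragments.
FIRST = Packet("10.0.0.1", "10.0.1.1", 17, 0x1234, 0, 6000)
REST = Packet("10.0.0.1", "10.0.1.1", 17, 0x1234, 185, None)
```

With the naive lookup, FIRST is protected by SA-B while REST lands on SA-A (wrong key) or on no rule at all (clear), depending on how a missing port is treated.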