Cisco Bug: CSCuj35490 - IPSec DRS testing failed with FIPS mode enabled
Oct 15, 2015
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom: Servers do not come up with the IPsec policy after a restore because pluto is not running.

Conditions:

Stage 1:
1. Fresh installed ccmA and ccmB with the latest cc_mainline (301).
2. By default, both were up in SELinux enforcing mode.
3. Enabled FIPS on both servers.
4. Pluto was running.
5. Created IPsec policies with the certificate exchange method, and IPsec validated successfully.
6. Took a DRS backup of ccmA and ccmB.

Stage 2:
1. Fresh installed ccmA and ccmB with the latest cc_mainline (301) once again.
2. By default, both were up in SELinux enforcing mode.
3. Added the same backup device and restored the files successfully on both servers.
4. Rebooted the servers.
5. Servers were up in FIPS mode and the IPsec policies were in place.
6. However, IPsec validation fails because pluto is down, irrespective of SELinux status.