Cisco Bug: CSCuj35490 - IPSec DRS testing failed with FIPS mode enabled

Last Modified

Oct 15, 2015

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.99999.5)

Description (partial)

Symptom:
After a restore, the servers do not come up with the IPsec policy because pluto is not running.

Conditions:
Stage 1:
1. Fresh-installed ccmA and ccmB with the latest cc_mainline (301).
2. By default, both came up in SELinux enforcing mode.
3. Enabled FIPS on both servers.
4. Pluto was running.
5. Created IPsec policies with the certificate exchange method, and IPsec validated successfully.
6. Took a DRS backup of ccmA and ccmB.

Stage 2:
1. Fresh-installed ccmA and ccmB with the latest cc_mainline (301) once again.
2. By default, both came up in SELinux enforcing mode.
3. Added the same backup device and restored the files successfully on both servers.
4. Rebooted the servers.
5. The servers came up in FIPS mode and the IPsec policies were in place.
6. However, IPsec validation fails because pluto is down, irrespective of SELinux status.