Cisco Bug: CSCul04434 - GETVPN IPv6 inconsistent behaviour if ipv6 crypto map on two interfaces

Last Modified

Feb 13, 2018

Products (9)

  • Cisco IOS
  • Cisco 7301 Router
  • Cisco 7206 Router
  • Cisco 7206VXR Router
  • Cisco 7204 Router
  • Cisco 7202 Router
  • Cisco 7200 Series NPE-G2 Network Processing Engine
  • Cisco 7201 Router
  • Cisco 7204VXR Router

Known Affected Releases

15.2(4)M 15.2(4)M4.5

Description (partial)

Given a GETVPN GM that is configured with an IPv6 crypto map, if that crypto map is applied
to two interfaces (one common identity, e.g. loopback) and certain configuration operations are performed,
the GM will lose connectivity to the IPv6 group.

If the GM has dual-stack interfaces with both an IPv4 and an IPv6 crypto map, the IPv4 GETVPN functionality
will not be affected while triggering the event documented in this defect.

Configuration operations that follow the pattern described below trigger the problem:

0. IPv6 crypto map applied to two interfaces (E0/0 and E2/0; let's call them Primary and Secondary).
   At this stage all works well: IPv6 traffic is encrypted between two test GMs.

1. Shut down the Secondary interface (E2/0).
   Result: no change in functionality; the GM can still exchange encrypted IPv6 traffic with

2. Remove the IPv6 crypto map from the Primary interface (E0/0, while E2/0 is in admin shutdown state).
   Result: IPv6 traffic is sent out in clear text.

3. Re-apply the crypto map to the Primary interface (i.e. E0/0).
   Result: no change; packets are still being sent out in clear text, even
   though GDOI sees the E0/0 interface as associated with the crypto map and group.

4. Remove the crypto map from the Secondary interface, which is still in shutdown state.
   Result: no change in the behavior.

5. Remove and re-apply the crypto map on the Primary interface.
   Result: GM re-registers.
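
To find group members that meet the precondition in step 0, a saved running-config can be checked offline for any IPv6 crypto map applied to two or more interfaces, noting which of those interfaces are administratively shut down (the state in steps 1 to 4). This is an added example, not part of the Cisco bug record; the sample configuration and the map names GETVPN-V6 and GETVPN-V4 are constructed, and the parser assumes the interface-level `ipv6 crypto map <name>` form.

```python
import re
from collections import defaultdict

# Constructed sample config: interface names follow the bug text (E0/0, E2/0);
# the map names GETVPN-V6 / GETVPN-V4 are placeholders.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ipv6 crypto map GETVPN-V6
!
interface Ethernet1/0
 crypto map GETVPN-V4
!
interface Ethernet2/0
 ipv6 crypto map GETVPN-V6
 shutdown
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
MAP_RE = re.compile(r"^\s+ipv6 crypto map\s+(\S+)")


def audit_ipv6_crypto_maps(config_text):
    """Return {map_name: [(interface, is_shutdown), ...]} for every IPv6
    crypto map that is applied to two or more interfaces."""
    maps_on = defaultdict(list)   # interface -> IPv6 crypto map names
    shutdown = set()              # interfaces in admin shutdown
    current = None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None        # "!" or a global command ends the block
        elif current is not None:
            m = MAP_RE.match(line)
            if m:
                maps_on[current].append(m.group(1))
            elif line.strip() == "shutdown":
                shutdown.add(current)
    by_map = defaultdict(list)
    for iface, names in maps_on.items():
        for name in names:
            by_map[name].append((iface, iface in shutdown))
    return {n: uses for n, uses in by_map.items() if len(uses) >= 2}

if __name__ == "__main__":
    for name, uses in audit_ipv6_crypto_maps(SAMPLE_CONFIG).items():
        print(name, uses)
```

IPv4 crypto maps are deliberately ignored, since the description states that IPv4 GETVPN functionality is not affected.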