Cisco Bug: CSCul45522 - ISM-VPN Fails to send PHASE2_DELETE notification during INVALID_SPI
Jan 30, 2017
- Cisco 3900 Series Integrated Services Routers
Known Affected Releases
Symptom: On this DMVPN Hub, in a situation where it maintains phase-1 SA, but not a phase-2 SA with a spoke, whereas the Spoke maintains both the Phase-1 and Phase-2 SAs, the Hub fails to send Phase2_Delete notification to the spoke upon receiving ESP packets [Invalid_SPI] from the Spoke. This outage may continue till the phase-2 SA needs to get rekeyed. Conditions: This symptom is observed in ISR-G2 [1900, 2900, 3900] with an ISM-VPN Module in the Active State [as seen in 'Further Problem Description' below]. ISR-G2 is configured as the DMVPN Hub.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases