Preview Tool

Cisco Bug: CSCul45522 - ISM-VPN Fails to send PHASE2_DELETE notification during INVALID_SPI

Last Modified

Jan 30, 2017

Products (1)

  • Cisco 3900 Series Integrated Services Routers

Known Affected Releases

15.2(4)M 15.3(3)M

Description (partial)

Symptom: On this DMVPN Hub, in a situation where it maintains phase-1 SA, but not a phase-2 SA with a spoke, whereas the Spoke maintains both the Phase-1 and Phase-2 SAs, the Hub fails to send Phase2_Delete notification to the spoke upon receiving ESP packets [Invalid_SPI] from the Spoke.

This outage may continue till the phase-2 SA needs to get rekeyed.
Conditions: This symptom is observed in ISR-G2 [1900, 2900, 3900] with an ISM-VPN Module in the Active State [as seen in 'Further Problem Description' below]. ISR-G2 is configured as the DMVPN Hub.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.