Guest

Preview Tool

Cisco Bug: CSCul64980 - Acct-stop for VPN session doesn't send out when failover occurred

Last Modified

Nov 27, 2020

Products (2)

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

8.4(3) 8.4(6)

Description (partial)

Symptom:
No accounting stop packet is produced occasionally after failover is happened and the ASA destroys the VPN session because of idle timeout.

Conditions:
- Constructing failover pair
- VPN session is initiated before failover
- VPN session is destroyed by idle timeout after failover

- When the failover happens right before the update timer sends over the information that the accounting start happened, that fact will be lost on the secondary that became primary and the session will never send an accounting stop because it is not apparent that an accounting start took place.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.