
Cisco Bug: CSCum46324 - GETVPN KS doesn't send rekey to re-registered GM after WAN failure

Last Modified

Oct 14, 2019

Products (73)

  • Cisco IOS
  • Cisco C892FSP Integrated Services Router
  • Cisco C897VA Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 881SRSTW Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco 886VAG 3G Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway

Known Affected Releases


Description (partial)

In a GETVPN deployment that has connectivity problems between a Key Server (KS) and a registered Group Member (GM), the GM does not receive a rekey from the KS after connectivity is restored and the GM re-registers to the KS. When the GM re-registers, the KS does not reset the GM's counters for missed rekey acks, as it should (seen in "show crypto gdoi ks members" output). If the KS had already sent 2 unacknowledged rekeys before the GM re-registers, the GM is deleted from the KS at the next scheduled rekey time and the GM still does not receive a rekey, even though it re-registered.

A WAN / network failure causes a registered GM to lose connectivity to the KS, so rekey messages from the KS do not reach the GM and rekey acknowledgement messages from the GM do not reach the KS. Once the WAN / network failure is resolved, even when the GM re-registers successfully, the KS deletes the GM at the next scheduled rekey, the KS does not send a rekey to the GM, and the GM must re-register again.
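
The sequence described above can be replayed with a small state model. This is an added example, not Cisco code: the class, function and GM names are hypothetical, and the bookkeeping is a simplified assumption built only from the description (a per-GM missed-ack counter, and deletion at the scheduled rekey that follows 2 unacknowledged rekeys).

```python
# Simplified model of the KS's per-GM rekey-ack bookkeeping (assumed, not IOS code).
from dataclasses import dataclass, field

MISSED_ACK_LIMIT = 2  # from the description: 2 unacknowledged rekeys precede deletion


@dataclass
class KeyServer:
    reset_on_reregister: bool                   # False = behaviour in this bug, True = expected
    missed: dict = field(default_factory=dict)  # GM id -> rekeys sent without an ack

    def register(self, gm):
        # A new GM starts at 0. A re-registration should also reset the counter;
        # in the buggy mode the stale value is kept.
        if gm not in self.missed or self.reset_on_reregister:
            self.missed[gm] = 0

    def scheduled_rekey(self, reachable):
        """Run one scheduled rekey and return the GMs that were sent it."""
        sent = []
        for gm in list(self.missed):
            if self.missed[gm] >= MISSED_ACK_LIMIT:
                del self.missed[gm]             # GM deleted, no rekey sent to it
                continue
            sent.append(gm)
            if gm in reachable:
                self.missed[gm] = 0             # ack came back
            else:
                self.missed[gm] += 1            # rekey or its ack was lost
        return sent


def wan_failure_scenario(reset_on_reregister):
    """Return (rekey sent after re-registration, GM still a member of the KS)."""
    ks = KeyServer(reset_on_reregister)
    ks.register("gm1")                          # constructed GM id
    ks.scheduled_rekey(reachable=set())         # WAN down: rekey 1 unacknowledged
    ks.scheduled_rekey(reachable=set())         # WAN down: rekey 2 unacknowledged
    ks.register("gm1")                          # WAN restored, GM re-registers
    sent = ks.scheduled_rekey(reachable={"gm1"})
    return "gm1" in sent, "gm1" in ks.missed


if __name__ == "__main__":
    print("bug behaviour:     ", wan_failure_scenario(reset_on_reregister=False))
    print("expected behaviour:", wan_failure_scenario(reset_on_reregister=True))
```

With the counter left stale, the re-registered GM is dropped at the next rekey without receiving it; with the reset in place it is rekeyed and stays a member.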