Cisco Bug: CSCum84172 - DMVPN: Need to protect nodes from being triggered as behind NAT.
Dec 17, 2018
- Cisco IOS
- Cisco ME 3600X-24TS-M Switch
- Cisco 7301 Router
- Cisco 7206 Router
- Cisco 7206VXR Router
- Cisco 7204 Router
- Cisco 7202 Router
- Cisco 7600 Series Route Switch Processor 720 with Multilayer Switch Feature Card
- Cisco ME 3600X-24FS-M Switch
- Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks
Known Affected Releases
15.0M 15.1T 15.2(4)S
Symptom: Incorrect NHRP mapping information for a hub can be propagate throughout the DMVPN network and cause data packet forwarding via a spoke-hub-spoke path even when a spoke-spoke direct path has been built and the sending nodes "thinks" it is sending on the direct path. Conditions: A DMVPN spoke node is mis-configured with the correct tunnel IP address, but the wrong NBMA address for a hub (hub1). In this case the incorrect NBMA address would be for a different hub (hub2). Hub1 is configured to be both a hub and a spoke. I.e. it can be the end-point for spoke-spoke tunnels.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases