Cisco Bug: CSCun07779 - IPSec malfunctions when crypto ACL contains overlapping/duplicate entry
Last Modified
Nov 27, 2020
Products (1)
- Cisco Adaptive Security Appliance (ASA) Software
Known Affected Releases
9.1(4)
Description (partial)
Symptom: When duplicate entry exists in a Crypto ACL, ikev1 and ikev2 shows unusual behaviors. 1. Ikev2 - here ASA creates multiple child SAs for the same pair of source and destination. 2. Ikev1 - unable to pass traffic (no encaps and decaps can be seen), even if the sa is up and both of the sides are using correct pair of SPIs. Conditions: This behavior is seen when a crypto access-list with a duplicate entry is applied to a crypto-map entry.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases