Guest

Preview Tool

Cisco Bug: CSCun10243 - ASR5K CLI (show crypto ikev2) names "cookie" instead of "SPI Responder"

Last Modified

Dec 24, 2016

Products (1)

  • Cisco ASR 5000 Series

Known Affected Releases

14.0(1)

Description (partial)

<B>Symptom:</B>
Output of "show crypto ikev2-ikesa security-associations summary cookies" show predictable cookies values

<B>Conditions:</B>
On a node configured with IKEv2
 
Note: The output of the CLI command is actually showing the local and remote SPI values, not the cookies:
 
asr5k# show crypto ikev2-ikesa security-associations summary cookies

Local IPSec GW    Remote IPSec GW  Initiator Cookie                     Responder Cookie          lifetime
=============   =============== ===========                      ===============         ======
192.168.0.1            10.10.10.10              0xA97DF80717299271     0x010000000010CE00  82341
192.168.0.1            10.20.103.10            0x0A8D6CB4EF16D821   0x020000000010CE00  82340
192.168.0.1            10.125.180.7            0x7D8C54AC390CA3DE  0x030000000010CE00  82341
 
This bug will be used to correct this cosmetic issue.
 
This is in conformance with IKEv2 RFCs where the SPI values should be unique and not necessarily random.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.