Cisco Bug: CSCun10243 - ASR5K CLI (show crypto ikev2) names "cookie" instead of "SPI Responder"
Dec 24, 2016
- Cisco ASR 5000 Series
Known Affected Releases
<B>Symptom:</B> Output of "show crypto ikev2-ikesa security-associations summary cookies" show predictable cookies values <B>Conditions:</B> On a node configured with IKEv2 Note: The output of the CLI command is actually showing the local and remote SPI values, not the cookies: asr5k# show crypto ikev2-ikesa security-associations summary cookies Local IPSec GW Remote IPSec GW Initiator Cookie Responder Cookie lifetime ============= =============== =========== =============== ====== 192.168.0.1 10.10.10.10 0xA97DF80717299271 0x010000000010CE00 82341 192.168.0.1 10.20.103.10 0x0A8D6CB4EF16D821 0x020000000010CE00 82340 192.168.0.1 10.125.180.7 0x7D8C54AC390CA3DE 0x030000000010CE00 82341 This bug will be used to correct this cosmetic issue. This is in conformance with IKEv2 RFCs where the SPI values should be unique and not necessarily random.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases