Cisco Bug: CSCun19584 - GETVPN GM Recovery: correct pubkey hash calculation

Last Modified

Oct 14, 2019

Products (1)

  • Cisco IOS

Known Affected Releases

15.4(1.25)T

Description (partial)

RNE Enclosure

Symptom:
This DDTS affects ONLY the "GETVPN invalid-SPI-recovery" feature, and only when the KS/GMs are using ip-address as the group identity.

When the GETVPN "invalid SPI recovery" feature is enabled, the KS and GMs use unnecessary information in the addrtype data structure to calculate a hash value for invalid SPI checking. Although this implementation causes no problem for the "invalid SPI recovery" feature in this IOS release and earlier releases, there is no guarantee that the feature will work well with future IOS releases if changes are made to the addrtype data structure later. This DDTS therefore corrects the hash calculation on both the KS and the GMs by using only the necessary parameters inside the addrtype data structure when calculating the hash.

Note: If the KS/GMs are using ip-address as the GETVPN group-ID, the compatibility impact after this fix is deployed is as follows:

1) All KS(s) and GMs must use IOS without the CSCun19584 fix in order for invalid-SPI-recovery to work correctly

Or

2) All KS(s) and GMs must use IOS with the CSCun19584 fix in order for invalid-SPI-recovery to work correctly

Again, if the KS/GMs are using a number as the groupID (instead of ip-address), this DDTS does not affect the invalid-SPI-recovery feature and there is no compatibility issue.
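
The fragility described above, as an added illustration that is not Cisco's code: hashing every byte of an address record makes the result depend on fields unrelated to the identity, while hashing only the identity fields does not. The `addr_rec` layout, the helper names and the use of FNV-1a are all assumptions, since the bug text gives neither the addrtype layout nor the hash algorithm.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical address record; NOT Cisco's actual addrtype layout. */
typedef struct {
    uint8_t  type;      /* address family tag, 1 = IPv4 (constructed) */
    uint8_t  length;    /* significant bytes in addr[] */
    uint16_t flags;     /* bookkeeping, irrelevant to the group identity */
    uint8_t  addr[16];  /* IPv4 uses the first 4 bytes, the rest is unused */
} addr_rec;

#define FNV_INIT 2166136261u
/* FNV-1a: placeholder for the hash, which the bug text does not name. */
static uint32_t fnv1a(uint32_t h, const void *p, size_t n) {
    const uint8_t *b = p;
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}

/* Fragile: covers every byte of the record, including unused fields. */
uint32_t hash_whole_struct(const addr_rec *a) {
    return fnv1a(FNV_INIT, a, sizeof *a);
}

/* Robust: covers only the fields that define the identity. */
uint32_t hash_identity_fields(const addr_rec *a) {
    size_t n = a->length > sizeof a->addr ? sizeof a->addr : a->length;
    uint32_t h = fnv1a(FNV_INIT, &a->type, 1);
    h = fnv1a(h, &a->length, 1);
    return fnv1a(h, a->addr, n);
}

/* Same IPv4 identity; 'flags' and 'fill' model bytes that differ per peer. */
addr_rec make_ipv4(const uint8_t ip[4], uint16_t flags, uint8_t fill) {
    addr_rec a;
    memset(&a, fill, sizeof a);
    a.type = 1; a.length = 4; a.flags = flags;
    memcpy(a.addr, ip, 4);
    return a;
}

int main(void) {
    const uint8_t ip[4] = {192, 0, 2, 10};   /* constructed sample address */
    addr_rec ks = make_ipv4(ip, 0x0000, 0x00), gm = make_ipv4(ip, 0x0001, 0xAA);
    printf("whole struct: match=%d\n", hash_whole_struct(&ks) == hash_whole_struct(&gm));
    printf("identity only: match=%d\n", hash_identity_fields(&ks) == hash_identity_fields(&gm));
    return 0;
}
```

The two methods also give different values for the same record, which is why a deployment that mixes fixed and unfixed peers cannot agree on the hash.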

Conditions:
This DDTS only affects the GETVPN invalid-SPI recovery feature when the KS/GMs are using ip-address as the groupID.