Guest

Preview Tool

Cisco Bug: CSCun25912 - IKEv2 auto-reconnect: some virtual-access dynamic configs are lost

Last Modified

Oct 14, 2019

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

15.4(1)S

Description (partial)

Symptom: Configurations dynamically applied to the virtual-access interface might be lost over the reconnection while using the autoreconnect feature on Cisco Anyconnect on the ASR platform.

For example, the interface after initial connection establishment would have a QOS service policy applied:

ROUTER#sh derived-config int virtual-access 1

!
interface Virtual-Access1
 ip unnumbered GigabitEthernet0/0/1
 tunnel source 10.1.1.1
 tunnel mode ipsec ipv4
 tunnel destination 10.10.1.100
 tunnel protection ipsec profile ipsec-profile
 no tunnel protection ipsec initiate
 service-policy input INPUT-POLICY
end


After reconnection the INPUT-POLICY is missing:

ROUTER#sh derived-config int virtual-access 1

!
interface Virtual-Access1
 ip unnumbered GigabitEthernet0/0/1
 tunnel source 10.1.1.1
 tunnel mode ipsec ipv4
 tunnel destination 10.10.1.100
 tunnel protection ipsec profile ipsec-profile
 no tunnel protection ipsec initiate
end

Conditions: This symptom is observed with configurations being applied from the user AAA profile over radius authentication. Affected parameters observed are QOS service policies and access-group.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.