Guest

Preview Tool

Cisco Bug: CSCuo29299 - ISR CRL retrieval works with http not allowed on COPP management int

Last Modified

Dec 13, 2019

Products (89)

  • Cisco IOS
  • Cisco 886VAG 3G Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 861W Integrated Services Router
  • Cisco C892FSP Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.2(4)M 15.4(1)T1

Description (partial)

Symptom:
Even though COPP does not allow HTTP, CRL retrieval works fine on ISRs. 
On ASRs however, this feature works as expected.

Conditions:
ISR with COPP configured to block certain management-access protocols including HTTP:

control-plane host
  management-interface gig0/0 allow tftp

This box also acts as a PKI client, where it has to download CRL using HTTP [while validating certificates] sourced from this management-interface
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.