Cisco Bug: CSCuo51043 - IOS Dynamic crypto map allows L2L peers not matching ISAKMP profile

Last Modified

Nov 27, 2020

Products (2)

Cisco 2600 Series Multiservice Platforms
Cisco 2600 Series Multiservice Platforms

Known Affected Releases

15.2(4)M 15.2(4)S 15.3(3)M 15.4(2)S 15.4(2.1)T

Description (partial)

Symptom:
The dynamic L2L peer will successfully bring up, both phase-1 and phase-2 although the isakmp profile does not cater to this new peer.

Conditions:
IOS L2L end-point catering to dynamic peers, with a dynamic crypto map, under which we have:
a) an isakmp profile that does not match the isakmp identity of this new peer
b) no crypto ACL [i.e. no 'match address' statement]

Note: a crypto ACL can be configured under the dynamic map, that is either an exact or a super-set mirror image of the peer's crypto ACL, although this is not mandatory.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts