Cisco Bug: CSCuo51043 - IOS Dynamic crypto map allows L2L peers not matching ISAKMP profile

Last Modified

Apr 19, 2019

Products (107)

  • Cisco IOS
  • Cisco 812 CiFi Integrated Services Router
  • Cisco ASR 901-6CZ-FS-D Router
  • Cisco 892W Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco C892FSP Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 886VAG 3G Integrated Services Router

Known Affected Releases

15.2(4)M 15.2(4)S 15.3(3)M 15.4(2)S 15.4(2.1)T

Description (partial)

The dynamic L2L peer successfully brings up both phase 1 and phase 2, although the ISAKMP profile does not cater to this new peer.

An IOS L2L endpoint catering to dynamic peers with a dynamic crypto map, under which we have:
a) an ISAKMP profile that does not match the ISAKMP identity of this new peer
b) no crypto ACL [i.e. no 'match address' statement]

Note: a crypto ACL that is either an exact or a superset mirror image of the peer's crypto ACL can be configured under the dynamic map, although this is not mandatory.
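
A static check for the configuration described above, as an added example that is not part of the bug report: it flags dynamic crypto map entries that reference an ISAKMP profile but have no `match address` statement. The sample configuration and every name in it are constructed; whether a given peer's identity matches the profile (condition a) cannot be decided from the configuration alone.

```python
import re

# Constructed sample configuration (not from the bug report); all names are hypothetical.
SAMPLE_CONFIG = """\
crypto isakmp profile PARTNER-A
 match identity address 198.51.100.10 255.255.255.255
!
crypto dynamic-map DYN-L2L 10
 set transform-set TS-AES
 set isakmp-profile PARTNER-A
!
crypto dynamic-map DYN-L2L 20
 set transform-set TS-AES
 set isakmp-profile PARTNER-A
 match address VPN-ACL
!
crypto dynamic-map DYN-OPEN 10
 set transform-set TS-AES
"""

HEADER = re.compile(r"^crypto dynamic-map (\S+) (\d+)\s*$")

def parse_dynamic_maps(config):
    """Return {(name, seq): [sub-commands]} for each crypto dynamic-map entry."""
    entries, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            entries[current] = []
        elif line.startswith(" ") and current is not None:
            entries[current].append(line.strip())
        else:
            current = None  # any other unindented line closes the block
    return entries

def audit(config):
    """List (name, seq, profile) for entries with a profile and no crypto ACL."""
    findings = []
    for (name, seq), cmds in sorted(parse_dynamic_maps(config).items()):
        profile = next((c.split()[2] for c in cmds if c.startswith("set isakmp-profile ")), None)
        has_acl = any(c.startswith("match address ") for c in cmds)
        if profile and not has_acl:
            findings.append((name, seq, profile))
    return findings

if __name__ == "__main__":
    for name, seq, profile in audit(SAMPLE_CONFIG):
        print(f"crypto dynamic-map {name} {seq}: isakmp-profile {profile}, no 'match address'")
```

Entries it reports on a device running one of the affected releases are the ones to review against the identities of the peers that are actually expected to connect.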