Guest

Preview Tool

Cisco Bug: CSCuo51043 - IOS Dynamic crypto map allows L2L peers not matching ISAKMP profile

Last Modified

Nov 27, 2020

Products (2)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases

15.2(4)M 15.2(4)S 15.3(3)M 15.4(2)S 15.4(2.1)T

Description (partial)

Symptom:
The dynamic L2L peer will successfully bring up, both phase-1 and phase-2 although the isakmp profile does not cater to this new peer.

Conditions:
IOS L2L end-point catering to dynamic peers, with a dynamic crypto map, under which we have:
a) an isakmp profile that does not match the isakmp identity of this new peer
b) no crypto ACL [i.e. no 'match address' statement]

Note: a crypto ACL can be configured under the dynamic map, that is either an exact or a super-set mirror image of the peer's crypto ACL, although this is not mandatory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.