Cisco Bug: CSCuo51043 - IOS Dynamic crypto map allows L2L peers not matching ISAKMP profile
Last Modified
Nov 27, 2020
Products (2)
- Cisco 2600 Series Multiservice Platforms
- Cisco 2600 Series Multiservice Platforms
Known Affected Releases
15.2(4)M 15.2(4)S 15.3(3)M 15.4(2)S 15.4(2.1)T
Description (partial)
Symptom: The dynamic L2L peer successfully brings up both phase-1 and phase-2, although the ISAKMP profile does not cater to this new peer.

Conditions: An IOS L2L endpoint catering to dynamic peers, with a dynamic crypto map under which we have:
a) an ISAKMP profile that does not match the ISAKMP identity of this new peer
b) no crypto ACL [i.e. no 'match address' statement]

Note: A crypto ACL that is either an exact or a superset mirror image of the peer's crypto ACL can be configured under the dynamic map, although this is not mandatory.
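A configuration audit for the conditions above, as an added example that is not part of the Cisco bug record: it lists dynamic crypto map entries that reference an ISAKMP profile but carry no 'match address' statement. The sample configuration is constructed, the function names are hypothetical, and the parser assumes the usual running-config layout in which sub-commands are indented under their entry.

```python
import re

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONFIG = """\
crypto dynamic-map DYN-A 10
 set transform-set TS
 set isakmp-profile BRANCHES
!
crypto dynamic-map DYN-B 10
 set transform-set TS
 set isakmp-profile BRANCHES
 match address 110
!
crypto dynamic-map DYN-C 20
 set transform-set TS
!
"""

HEADER = re.compile(r"^crypto dynamic-map (\S+) (\d+)\s*$")

def parse_dynamic_maps(config):
    """Return {(name, seq): [sub-command lines]} for each dynamic-map entry."""
    entries, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))
            entries[current] = []
        elif current is not None and line.startswith(" "):
            entries[current].append(line.strip())
        else:
            current = None  # any other non-indented line ends the entry
    return entries

def entries_matching_bug_conditions(config):
    """Entries with an ISAKMP profile but no 'match address' statement."""
    hits = []
    for key, cmds in sorted(parse_dynamic_maps(config).items()):
        has_profile = any(c.startswith("set isakmp-profile ") for c in cmds)
        has_acl = any(c.startswith("match address ") for c in cmds)
        if has_profile and not has_acl:
            hits.append(key)
    return hits

if __name__ == "__main__":
    for name, seq in entries_matching_bug_conditions(SAMPLE_CONFIG):
        print(f"review: crypto dynamic-map {name} {seq}")
```

A hit only means the entry has the configuration shape described under Conditions; whether the device is exposed also depends on it running one of the known affected releases.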