Cisco Bug: CSCuo79154 - "no set security-association idle-time" not reflected in configs

Last Modified

Apr 19, 2019

Products (1)

Cisco IOS

Known Affected Releases

15.3(2.25)T

Description (partial)

Symptom:
After saving, I reloaded the device and got a show run command

Router#show run | sec crypto

crypto ipsec profile TUNNEL-AES
set security-association idle-time 750
set transform-set AESSHA

Then I use the no set security-association idle-time command
Router#show run | sec crypto
crypto ipsec profile TUNNEL-AES
set transform-set AESSHA

You can see that the command doesn't appear neither in the show run, or show run all | sec crypto
crypto ipsec profile TUNNEL-AES
set security-association lifetime kilobytes 4608000
set security-association lifetime seconds 3600
set security-association idle-time 120      <------ With the show run all I saw this
no set security-association replay window-size

Conditions:
command doesn't appear neither in the show run, or show run all | sec crypto
crypto ipsec profile TUNNEL-AES
set security-association lifetime kilobytes 4608000
set security-association lifetime seconds 3600
set security-association idle-time 120      <------ 
no set security-association replay window-size

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts