Cisco Bug: CSCup37416 - Stale VPN Context entries cause ASA to stop encrypting traffic
Sep 18, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
9.1(2.8) 9.1(3) 9.1(5.12) 9.1(6) 9.2(3) 9.5(2)
Symptom: ASAs that had a working L2L VPN tunnel suddenly stop encrypting traffic. The ASP table shows duplicate ASP entries, and traffic hits a stale ASP entry, so the traffic for that particular SA is blackholed.
Conditions: ASA5500 running 9.1 or later code with IKEv2 L2L tunnels configured with the default IKEv2 rekey configuration supporting both time-based and data-based rekeys.