Cisco Bug: CSCup37416 - Stale VPN Context entries cause ASA to stop encrypting traffic

Last Modified

Sep 18, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(2.8) 9.1(3) 9.1(5.12) 9.1(6) 9.2(3) 9.5(2)

Description (partial)

Symptom:
An ASA that had a working L2L VPN tunnel suddenly stops encrypting traffic.
The ASP table shows duplicate ASP entries, and traffic hits an ASP entry
that is stale, so the traffic for that particular SA is blackholed.

Conditions:
ASA5500 running 9.1 or later code with IKEv2 L2L tunnels configured with the default IKEv2 rekey configuration, which supports both time-based and data-based rekeys.

Related Community Discussions

CSCup37416 - Stale VPN Context entries cause ASA to stop encrypting traffic
Hi All, Does anyone have a permanent fix for this issue? One of the customer VPN connections suddenly stops the traffic and the connection is lost. This is becoming a regular issue and would need a permanent fix immediately. My current firewall ISO is ASA Version 9.1(6). Issue: Stale VPN Context entries cause ASA to stop encrypting traffic. ASAs which had a working L2L VPN tunnel suddenly stops encrypting traffic. The ASP table will show duplicate ASP entries and traffic is hitting an ASP entry that ...
Latest activity: Dec 23, 2017