Cisco Bug: CSCuq00749 - GETVPN: Rate-limiting IPSEC triggered registration on GM
Last Modified
Sep 14, 2019
Products (1)
- Cisco IOS
Known Affected Releases
15.3(3)S3.6
Description (partial)
Symptom: When IPSEC PI encounter errors in installing IPSEC SAs to HW-crypto, it will trigger GDOI to re-register. If the SAs installation error happen very rapidly, it will in turn request GDOI to perform rapid re-registration. This operation will consume a lot of CPU and make the GM-routers not operating. Conditions: This problem only happen if HW crypto-engine has gone into an error state and many IPSEC SA installation fail
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases