Guest

Preview Tool

Cisco Bug: CSCuq05270 - ASR1k/XE373 stopped fwd'ing IPSEC paks due to crypto engine in deadlock

Last Modified

Feb 28, 2018

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

15.2(4)S3

Description (partial)

Symptom:
ASR1K router with single ESP20/RP1 started logging the following error message:
Jul 18 03:08:19.614 CEST: %CMFP-3-N2_INPUT_EXCEPT: F0: cman_fp:  Crypto device overloaded. : type low_priority_q: 0x002011FF
While the ESP20 card didn't crash the router blackholed all IPSEC traffic. Cleartext traffic was not affected.

Conditions:
ASR1K router processing IPSEC traffic (multiple crypto maps configured)
Seen with IOS XE3.7.3 - 152-4.S3
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.