Preview Tool

Cisco Bug: CSCuq05270 - ASR1k/XE373 stopped fwd'ing IPSEC paks due to crypto engine in deadlock

Last Modified

Sep 14, 2019

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases


Description (partial)

ASR1K router with single ESP20/RP1 started logging the following error message:
Jul 18 03:08:19.614 CEST: %CMFP-3-N2_INPUT_EXCEPT: F0: cman_fp:  Crypto device overloaded. : type low_priority_q: 0x002011FF
While the ESP20 card didn't crash the router blackholed all IPSEC traffic. Cleartext traffic was not affected.

ASR1K router processing IPSEC traffic (multiple crypto maps configured)
Seen with IOS XE3.7.3 - 152-4.S3
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.