Cisco Bug: CSCuq63745 - ENH:ASA L2L-Configuring duplicate entries for same peer must throw error
Apr 19, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: While configuring site-to-site tunnels, the ASA currently allows duplicate crypto map entries for the same peer as long as the crypto map sequence numbers differ. For example:

  crypto map Outside_map 1 match address out_cryptomap
  crypto map Outside_map 1 set peer 10.0.0.1
  crypto map Outside_map 1 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
  crypto map Outside_map 2 match address out_cryptomap1
  crypto map Outside_map 2 set peer 10.0.0.1
  crypto map Outside_map 2 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
  crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map Outside_map interface outside

If a user attempts to configure this, the ASA should throw an error informing them that a crypto map entry for that peer's IP address already exists.

Conditions: ASA, any version.
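Until the ASA itself rejects such a configuration, the condition can be caught by linting the running-config. The following is an added example (not Cisco code); it assumes the config is available as plain text, handles entries with backup peers (`set peer a b`) and skips dynamic entries, and reports any peer that appears in more than one static sequence of the same crypto map.

```python
"""Lint an ASA running-config for duplicate crypto map peers."""
import re
from collections import defaultdict

# Constructed sample config reproducing the duplicate-peer condition from the bug report.
SAMPLE_CONFIG = """
crypto map Outside_map 1 match address out_cryptomap
crypto map Outside_map 1 set peer 10.0.0.1
crypto map Outside_map 1 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 2 match address out_cryptomap1
crypto map Outside_map 2 set peer 10.0.0.1
crypto map Outside_map 2 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 3 match address out_cryptomap2
crypto map Outside_map 3 set peer 10.0.0.2 10.0.0.3
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface outside
"""

# Matches "crypto map <name> <seq> set peer <ip> [<ip> ...]"; other crypto map lines
# (match address, transform-set, dynamic, interface binding) are ignored.
SET_PEER_RE = re.compile(r"^crypto map (?P<name>\S+) (?P<seq>\d+) set peer (?P<peers>.+)$")


def peers_by_sequence(config: str) -> dict:
    """Map (crypto map name, sequence number) -> list of peer addresses."""
    entries = defaultdict(list)
    for line in config.splitlines():
        m = SET_PEER_RE.match(line.strip())
        if m:
            entries[(m["name"], int(m["seq"]))].extend(m["peers"].split())
    return entries


def find_duplicate_peers(config: str) -> dict:
    """Return {(map name, peer): sorted sequence numbers} for every peer that is
    configured in more than one static entry of the same crypto map."""
    seqs_for_peer = defaultdict(set)
    for (name, seq), peers in peers_by_sequence(config).items():
        for peer in peers:
            seqs_for_peer[(name, peer)].add(seq)
    return {key: sorted(seqs) for key, seqs in seqs_for_peer.items() if len(seqs) > 1}


if __name__ == "__main__":
    for (name, peer), seqs in find_duplicate_peers(SAMPLE_CONFIG).items():
        print(f"{name}: peer {peer} configured in sequences {seqs}")
```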