Guest

Preview Tool

Cisco Bug: CSCuq88419 - GETVPN Suite-B: Adding permit to KS ACL, wrong policy on GM & Sec KS

Last Modified

Sep 27, 2018

Products (108)

  • Cisco IOS
  • Cisco C892FSP Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco 888W Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 898 Secure G.SHDSL EFM/ATM with Multi-Mode 4G LTE ISR Router
  • Cisco ASR 901-6CZ-F-D Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 886VA-CUBE Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.5(1)S 15.5(1)T

Description (partial)

Symptom:
A GETVPN Suite-B Group Member (GM) has a differently ordered Downloaded ACL than is configured on the Key Server (KS) after adding permits to the ACL and issuing a rekey. Also, the Secondary KS "show crypto gdoi ks policy" output for TEK SPI + Selector does not match the Primary KS with the same conditions.

Conditions:
GETVPN Suite-B is configured and an ACL change is performed on the Key Server (KS) such that permits are added to the top or middle of the ACL, followed by a policy replacement rekey (i.e. "crypto gdoi ks rekey").
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.