Preview Tool

Cisco Bug: CSCuq90747 - IKEV2 Virtual-Access Interface goes down when using HSRP VIP

Last Modified

Oct 31, 2019

Products (96)

  • Cisco IOS
  • Cisco 898 Secure G.SHDSL EFM/ATM with Multi-Mode 4G LTE ISR Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 2951 Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco C897VA Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 886VAG 3G Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.3(1)T1.1 15.3(3)M4 15.4(2.9)T 15.4(3)M 15.4(3)SS

Description (partial)

When using a IOS headend for IKEV2 client termination, if the headend ip address is a HSRP VIP (virtual ip address), then after 10 seconds after the IPSEC session is established, the virtual access interface line protocol goes down.

After the line protocol goes down, traffic cannot be sent through the virtual access interface.

The following log message can be seen:

%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to down

Affects both IOS and ASR IOS XE. 

seems to be broken between 15.4(2.4)T (works) and 15.4(2.6)T (broken).

using HSRP VIP address for IKEv2 termination
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.