Preview Tool

Cisco Bug: CSCuq90747 - IKEV2 Virtual-Access Interface goes down when using HSRP VIP

Last Modified

Nov 27, 2020

Products (2)

  • Cisco 2600 Series Multiservice Platforms
  • Cisco 2600 Series Multiservice Platforms

Known Affected Releases

15.3(1)T1.1 15.3(3)M4 15.4(2.9)T 15.4(3)M 15.4(3)SS

Description (partial)

When using a IOS headend for IKEV2 client termination, if the headend ip address is a HSRP VIP (virtual ip address), then after 10 seconds after the IPSEC session is established, the virtual access interface line protocol goes down.

After the line protocol goes down, traffic cannot be sent through the virtual access interface.

The following log message can be seen:

%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to down

Affects both IOS and ASR IOS XE. 

seems to be broken between 15.4(2.4)T (works) and 15.4(2.6)T (broken).

using HSRP VIP address for IKEv2 termination
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.