Cisco Bug: CSCur12232 - Unable to remove redundant /32 route created per RRI

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.6(1.5)

Description (partial)

Symptom:
For an L2L VPN tunnel between an ASA and a SonicWall, the crypto ACL lists 10.101.139.0 255.255.255.0 as the remote subnet and 'set reverse-route' is configured, so the route below is installed as expected:

S    10.101.139.0 255.255.255.0 [1/0] via x.x.x.x, outside

However, we noticed the following in the syslog:

 %ASA-4-409007: Found LSA with the same host bit set but using different mask
  Existing: LSA ID 10.101.139.0 255.255.255.0
  New: Destination 10.101.139.0 255.255.255.255

As a result, the routing table shows:

S    10.101.139.0 255.255.255.0 [1/0] via x.x.x.x, outside
S    10.101.139.0 255.255.255.255 [1/0] via x.x.x.x, outside  .... << this is the redundant one >>

We are unable to remove or delete this redundant route.
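
One way to spot this pattern in saved 'show route' output, as an added example (not Cisco's code and not part of the bug record): it flags a /32 static route whose address equals the network address of a broader static route with the same next hop and interface. The function names are hypothetical, the sample lines are constructed, and 192.0.2.1 is a documentation address standing in for the redacted next hop.

```python
import ipaddress
import re

# One static entry as shown on the page: code, network, mask, [AD/metric], next hop, interface.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z*]+)\s+(?P<net>[\d.]+)\s+(?P<mask>[\d.]+)\s+"
    r"\[\d+/\d+\]\s+via\s+(?P<hop>[^,\s]+),\s*(?P<ifc>\S+)"
)

# Constructed sample; 192.0.2.1 stands in for the redacted next hop.
SAMPLE = """\
S    10.101.139.0 255.255.255.0 [1/0] via 192.0.2.1, outside
S    10.101.139.0 255.255.255.255 [1/0] via 192.0.2.1, outside
S    10.101.140.0 255.255.255.0 [1/0] via 192.0.2.1, outside
S    10.101.140.25 255.255.255.255 [1/0] via 192.0.2.1, outside
C    192.0.2.0 255.255.255.0 is directly connected, outside
"""

def parse_static_routes(text):
    """Return (network, next_hop, interface) for each parsable static route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m or not m["code"].startswith("S"):
            continue
        try:
            net = ipaddress.ip_network(f"{m['net']}/{m['mask']}")
        except ValueError:  # malformed address/mask or host bits set: skip the line
            continue
        routes.append((net, m["hop"], m["ifc"]))
    return routes

def redundant_host_routes(text):
    """Flag /32 statics whose address is the network address of a broader static
    route with the same next hop and interface (the pattern in this bug)."""
    routes = parse_static_routes(text)
    findings = []
    for host, hop, ifc in routes:
        if host.prefixlen != 32:
            continue
        for parent, p_hop, p_ifc in routes:
            if (parent.prefixlen < 32 and (hop, ifc) == (p_hop, p_ifc)
                    and host.network_address == parent.network_address):
                findings.append((str(host), str(parent), hop, ifc))
    return findings

if __name__ == "__main__":
    for host, parent, hop, ifc in redundant_host_routes(SAMPLE):
        print(f"redundant {host} duplicates {parent} via {hop} on {ifc}")
```

A legitimate host route inside the subnet (10.101.140.25 in the sample) is not flagged, because its address is not the network address of the covering route.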

Conditions:
At this time we are not sure of the condition under which the redundant route was populated. However, based on comparison with a lab repro, it might have been added because an incorrect route was propagated to the ASA due to a misconfiguration at the peer end.