Guest

Preview Tool

Cisco Bug: CSCus30100 - show crypto map displays incomplete ACL entry

Last Modified

Mar 10, 2018

Products (1)

  • Cisco IOS

Known Affected Releases

15.3(2.8)T

Description (partial)

Symptom:
show crypto map displays incomplete ACL entry:

GW1#show crypto map
Crypto Map IPv4 "to_ot_mgmt" 30 ipsec-isakmp
        Peer = 172.16.1.1
        Extended IP access list outside_30_cryptomap
            access-list outside_30_cryptomap permit ip 10.254.0.0 0.0.0.255 172.20.4.0 0.0.0.255
            access-list outside_30_cryptomap permit ip 10.254.0.0 0.0.0.255 host 172.18.0.5
            access-list outside_30_cryptomap permit ip 10.254.0.0 0.0.0.255 host 172.18.0.238
            access-list outside_30_cryptomap permit ip 10.254.0.0 0.0.0.255 host 172.18.2.9
            access-list outside_30_cryptomap permit ip 10.254.0.0 0.0.0.255 host 172.18.2.10
            access-list outside_30_cryptomap permit ip 10.254.0.0 0.0.0.255 host 172.
        Security association lifetime: 4608000 kilobytes/28800 seconds
        Responder-Only (Y/N): N

The last entry  "host 172." is not complete.

This is a cosmetic issue. You can use show access-list command to check crypto ACL. Also this is does not affect IPSec traffic for this crypto ACL entry

Conditions:
n/a
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.