Preview Tool

Cisco Bug: CSCus96078 - duplicated ipsec sa does not fully delete isakmp sa

Last Modified

Aug 15, 2017

Products (96)

  • Cisco IOS
  • Cisco 861W Integrated Services Router
  • Cisco 898 Secure G.SHDSL EFM/ATM with Multi-Mode 4G LTE ISR Router
  • Cisco 886VAG 3G Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 892W Integrated Services Router
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco C892FSP Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.2(4)M4.3 15.4(3)M1

Description (partial)

When there are 2 * IPsec SA and 2 * IKE SA generated for an IPsec selector and when a peer router sends isakmp packet with DELETE payload, the IPsec SAs and one of IKE SAs are deleted but the other one of IKE SAs remains until the end of lifetime.

This behavior is observed with crypto map based tunnel and a peer router sends DELETE because of its idle-time in this case.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.