Preview Tool

Cisco Bug: CSCus96078 - duplicated ipsec sa does not fully delete isakmp sa

Last Modified

Sep 27, 2018

Products (96)

  • Cisco IOS
  • Cisco 888W Integrated Services Router
  • Cisco 812 CiFi Integrated Services Router
  • Cisco 819 Hardened Integrated Services Router
  • Cisco 898 Secure G.SHDSL EFM/ATM with Multi-Mode 4G LTE ISR Router
  • Cisco 892W Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 1905 Serial Integrated Services Router
  • Cisco 881SRSTW Integrated Services Router
  • Cisco 2951 Integrated Services Router
View all products in Bug Search Tool Login Required

Known Affected Releases

15.2(4)M4.3 15.4(3)M1

Description (partial)

When there are 2 * IPsec SA and 2 * IKE SA generated for an IPsec selector and when a peer router sends isakmp packet with DELETE payload, the IPsec SAs and one of IKE SAs are deleted but the other one of IKE SAs remains until the end of lifetime.

This behavior is observed with crypto map based tunnel and a peer router sends DELETE because of its idle-time in this case.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.