Cisco Bug: CSCut57188 - CSM merges crypto ACLs after adding new peer to VPN topology

Last Modified

Nov 11, 2016

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.8(0)

Description (partial)

Symptom:
CSM merges crypto ACLs used for different peers into a single crypto ACL.

Peer A:
access-list CSM_IPSEC_ACL_1

Peer B:
access-list CSM_IPSEC_ACL_2

After the deployment:

crypto map CSM_outside_map 1 match address CSM_IPSEC_ACL_3
crypto map CSM_outside_map 1 set peer 1.1.1.1
crypto map CSM_outside_map 1 set ikev2 ipsec-proposal CSM_IP_1
crypto map CSM_outside_map 1 set reverse-route
crypto map CSM_outside_map 2 match address CSM_IPSEC_ACL_3
crypto map CSM_outside_map 2 set peer 2.2.2.2
crypto map CSM_outside_map 2 set ikev2 ipsec-proposal CSM_IP_1
crypto map CSM_outside_map 2 set reverse-route
crypto map CSM_outside_map interface outside

CSM_IPSEC_ACL_3 is a combination of CSM_IPSEC_ACL_1 and CSM_IPSEC_ACL_2.

Conditions:
--Using site-to-site VPN manager for tunnels
--Adding a new peer to the current VPN topology
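
A post-deployment check for the symptom above, added here as an example (it is not Cisco's code): it parses ASA-style `crypto map` lines and reports any crypto ACL that is matched by entries pointing at different peers. The function names are this example's own, and the embedded sample is the post-deployment output from the description.

```python
import re
from collections import defaultdict

# Constructed sample: the post-deployment crypto map shown in the bug description.
SAMPLE_CONFIG = """\
crypto map CSM_outside_map 1 match address CSM_IPSEC_ACL_3
crypto map CSM_outside_map 1 set peer 1.1.1.1
crypto map CSM_outside_map 1 set ikev2 ipsec-proposal CSM_IP_1
crypto map CSM_outside_map 1 set reverse-route
crypto map CSM_outside_map 2 match address CSM_IPSEC_ACL_3
crypto map CSM_outside_map 2 set peer 2.2.2.2
crypto map CSM_outside_map 2 set ikev2 ipsec-proposal CSM_IP_1
crypto map CSM_outside_map 2 set reverse-route
crypto map CSM_outside_map interface outside
"""

# Only sequence-numbered "match address" and "set peer" lines matter for this check.
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (.+)$")

def parse_crypto_maps(config):
    """Return {(map_name, seq): {"acl": name or None, "peers": set of addresses}}."""
    entries = defaultdict(lambda: {"acl": None, "peers": set()})
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, kind, value = m.groups()
        entry = entries[(name, int(seq))]
        if kind == "match address":
            entry["acl"] = value.strip()
        else:
            entry["peers"].update(value.split())  # a "set peer" line may list several peers
    return dict(entries)

def shared_crypto_acls(config):
    """Return {(map_name, acl): {seq: peers}} for ACLs shared by entries with different peers."""
    by_acl = defaultdict(dict)
    for (name, seq), entry in parse_crypto_maps(config).items():
        if entry["acl"]:
            by_acl[(name, entry["acl"])][seq] = frozenset(entry["peers"])
    # One ACL referenced by entries whose peer sets differ is the merged-ACL symptom.
    return {k: v for k, v in by_acl.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    for (name, acl), seqs in shared_crypto_acls(SAMPLE_CONFIG).items():
        detail = ", ".join(f"seq {s} -> {sorted(p)}" for s, p in sorted(seqs.items()))
        print(f"{name}: crypto ACL {acl} is shared across peers: {detail}")
```

Run it against the deployed configuration after adding a peer; an empty result means each peer still has its own crypto ACL.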