Cisco Bug: CSCvd82211 - IPsec/IKEv2 Installation Sometimes Fails With Simultaneous Negotiations

Last Modified

May 29, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

15.5(3)S5.1

Description (partial)

Symptom:
  • IPsec SA installation may fail if both VPN endpoints initiate an IKEv2 negotiation within a short time frame
  • IKEv2 debugs seem to show a successful negotiation, but the IPsec SA creation/installation into hardware fails:

Mar 17 17:25:32.321: IKEv2:(SA ID = 5):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database FAILED
Mar 17 17:25:32.328: IPSEC:(SESSION ID = 263) (cleanup_tun_decap_oce) unlock and null out Tunnel100 tun_decap_oce 7F282D98A8B0 from ident 7F28253801B8
Mar 17 17:25:32.329: IKEv2-ERROR:(SESSION ID = 263,SA ID = 5):: Creation/Installation of IPsec SA into IPsec DB failed

Conditions:
  • IPsec configuration with IKEv2
  • DMVPN may be a factor
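
The failure signature quoted under Symptom can be searched for in collected debug output. The following Python sketch is an added example, not Cisco code; it assumes debug lines formatted exactly like the excerpt above, and the helper name `find_failures` and the fourth sample line are constructed for illustration.

```python
import re

# Patterns are taken from the three debug lines quoted in the bug description.
TS = re.compile(r"(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d\.\d+): ")
DB_FAIL = re.compile(r"IKEv2:\(SA ID = (?P<sa>\d+)\):\[IPsec -> IKEv2\] "
                     r"Creation of IPsec SA into IPsec database FAILED")
CLEANUP = re.compile(r"IPSEC:\(SESSION ID = (?P<sess>\d+)\) "
                     r"\(cleanup_tun_decap_oce\).*?(?P<tun>Tunnel\d+)")
IKE_ERR = re.compile(r"IKEv2-ERROR:\(SESSION ID = (?P<sess>\d+),SA ID = (?P<sa>\d+)\):: "
                     r"Creation/Installation of IPsec SA into IPsec DB failed")

# First three lines are the excerpt from the page; the last is constructed noise.
SAMPLE = """\
Mar 17 17:25:32.321: IKEv2:(SA ID = 5):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database FAILED
Mar 17 17:25:32.328: IPSEC:(SESSION ID = 263) (cleanup_tun_decap_oce) unlock and null out Tunnel100 tun_decap_oce 7F282D98A8B0 from ident 7F28253801B8
Mar 17 17:25:32.329: IKEv2-ERROR:(SESSION ID = 263,SA ID = 5):: Creation/Installation of IPsec SA into IPsec DB failed
Mar 17 17:25:40.000: IKEv2:(SA ID = 6):unrelated constructed line
"""

def find_failures(text):
    """Return one record per IKEv2-ERROR line, correlated with nearby lines.

    Hypothetical helper. Simplification: SA and session IDs are assumed not to
    be reused within the capture being scanned.
    """
    db_failed_sas, tunnels, events = set(), {}, []
    for line in text.splitlines():
        ts = TS.search(line)
        if not ts:
            continue  # not a timestamped debug line
        body = line[ts.end():]
        if m := DB_FAIL.match(body):
            db_failed_sas.add(m["sa"])
        elif m := CLEANUP.match(body):
            tunnels[m["sess"]] = m["tun"]
        elif m := IKE_ERR.match(body):
            events.append({
                "time": ts["ts"],
                "session": int(m["sess"]),
                "sa": int(m["sa"]),
                "tunnel": tunnels.get(m["sess"]),  # None if no cleanup line seen
                "db_failure_seen": m["sa"] in db_failed_sas,
            })
    return events

if __name__ == "__main__":
    for event in find_failures(SAMPLE):
        print(event)
```

A record with `db_failure_seen` set to false means the error line appeared without the matching database-failure line in the scanned capture, which is worth checking by hand before attributing it to this bug.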