Guest

Preview Tool

Cisco Bug: CSCvh77310 - Wrong initial number of DPD incrementing error counter.

Last Modified

Aug 23, 2019

Products (1)

  • Cisco IOS

Known Affected Releases

15.5(3)S5.1

Description (partial)

Symptom:
Wrong initial number of DPD incrementing error counter.
ISAKMP-ERROR: (1008):DPD incrementing error counter (6/5)

Conditions:
It appears the below scenario.
** conn-ids are sample **
a) Recovered DPD error for old ISAKMP SA (1007).
   Recover timing is veri important !! It is after DPD incrementing error counter over 5/5 and "retransmit phase 2" does not exceeded 5.
   ** DPD error was caused by link down between L2SW#1 and L2SW#2.

   So, the below log indicate response packet for QM_IDLE.
   ISAKMP-PAK: (1007):received packet from <IP_Addr of opposite device> dport 500 sport 500 Global (I) QM_IDLE      

b) Made new ISAKMP SA (1008) for same peer by rekey.

c) Hapned DPD error for new ISAKMP SA (1008).
   ** DPD error was caused by link down between L2SW#1 and L2SW#2.

IOS : 15.5(3)S5

Topology:
[ISR4331#1]---[L2SW#1]---[L2SW#2]---[ISR4331#2]
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.