Preview Tool

Cisco Bug: CSCvh83849 - DHCP Relay With Dual ISP and Backup IPSEC Tunnels Causes Flapping

Last Modified

May 18, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

VPN tunnel will flap between primary interface and backup interface logging:

%ASA-5-713259: Group =, IP =, Session is being torn down. Reason: Peer Address Changed
%ASA-4-113019: Group =, Username =, IP =, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:11m:53s, Bytes xmt: 666, Bytes rcv: 56, Reason: Peer Address Changed

1)Dual ISPs that terminate on the ASA
2) IPSEC VPN tunnel (crypto map applied to both WAN itnerfaces)
  2a) Crypto map has same remote/local networks (usually same acl used)
3) DHCPRelay servers configured on both WAN interfaces.  ex)

dhcprelay server primary-wan
dhcprelay server backup-wan
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.