Cisco Bug: CSCvh97226 - Ordering isssue for crypto keyring and crypto isakmp profile
Last Modified
Nov 16, 2018
Products (14)
- Cisco IOS
- Cisco 4221 Integrated Services Router
- Cisco 4331 Integrated Services Router
- Cisco 4431 Integrated Services Router
- Cisco 4321 Integrated Services Router
- Cisco ASR 1002-X Router
- Cisco ASR 1001-X Router
- Cisco Cloud Services Router 1000V
- Cisco 4451-X Integrated Services Router
- Cisco ASR 1000 Series Route Processor (RP2)
Known Affected Releases
Fuji-16.8.1
Description (partial)
Symptom:
When Restconf is used to retrieve crypto information as Yang Data Model the response is missing the first match identity value and only reports back a single identity.
https://192.168.45.4/restconf/data/Cisco-IOS-XE-native:native/crypto/Cisco-IOS-XE-crypto:isakmp/profile/
<profile xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto" xmlns:ios-crypto="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto" xmlns:ios="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<name>xxx_isakmp</name>
<keyring>xxx_keyring</keyring>
<match>
<identity>
<ipv4-address>
<address>10.21.204.125</address>
<mask>255.255.255.255</mask>
</ipv4-address>
</identity>
</match>
<self-identity>
<address></address>
</self-identity>
<vrf>xxx</vrf>
</profile>
Conditions:
Crypto isakmp profile configured like this:
crypto isakmp profile xxx_isakmp
vrf xxx
keyring xxx_keyring
self-identity address
match identity address 10.21.204.124 255.255.255.255
match identity address 10.21.204.125 255.255.255.255 Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases