Guest

Preview Tool

Cisco Bug: CSCvi06120 - vpn-idle-timeout is not triggered after switching to rebooted failover pair

Last Modified

Jul 25, 2019

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.4(3.11) 9.7(1)

Description (partial)

Symptom:
vpn-idle-timeout is not triggered after switching to rebooted failover pair although no traffic go through the tunnel.
vpn-sessiondb shows "Idle TO Left: 0 Minutes" but the session remains until expiring IPsec SA lifetime.

Conditions:
Switched node after failover is reloaded
Only impact sessions that were idle and remain idle prior to active member boot. If
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.