Guest

Preview Tool

Cisco Bug: CSCvi22755 - GETVPN: ISM module crashes and fails to install Rekey policies

Last Modified

Sep 14, 2019

Products (1)

  • Cisco 2900 Series Integrated Services Routers

Known Affected Releases

15.5(3.0a)M6

Description (partial)

Symptom:
After receiving TEK rekey from KS, following logs are observed:

ISM VPN heartbeat timeout
%VPN_HW-6-INFO_LOC: Crypto engine: slot 0  State changed to: Disabled
%GDOI-5-GM_FAILED_TO_INSTALL_POLICIES: FAILED: Installation of Reg/Rekey policies from KS 
Reventon small chunk is not destroyable
Reventon medium chunk is not destroyable
%VPN_HW-6-SHUTDOWN:  shutting down
ISM-VPN reventon_kickoff_cleanup() Shutdown Procedure Complete
%VPN_HW-6-INFO_LOC: Crypto engine: slot 0  State changed to: Enabled
ISM VPN UP & READY

Conditions:
The encryption ACL pushed down by the KS at TEK rekey has more entries (more than 90) than the old one.
GM's ISM module is enabled
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.