Cisco Bug: CSCvi71989 - Keep ISAKMP ports closed when configuring OSPFv3 IPSec

Last Modified

Aug 06, 2018

Products (1)

  • Cisco IOS

Known Affected Releases

Denali-16.1.1

Description (partial)

Symptoms:
When OSPFv3 is configured with IPSec Authentication or Encryption, the IPSec ports are exposed on the device.

Conditions:
OSPFv3 with IPSec Authentication or Encryption uses the IPSec APIs, but there should be no need to open the ISAKMP ports, UDP 500 and UDP 4500, for both IPv4 and IPv6.

Router#sh udp
Proto        Remote      Port      Local       Port  In Out  Stat TTY OutputIF
 17     0.0.0.0             0 --any--         18999   0   0    11   0 
 17       --listen--          --any--           500   0   0 2001011   0 
 17(v6)   --listen--          FE80::1           500   0   0 2020011   0 
 17       --listen--          --any--          4500   0   0 2001011   0 
 17(v6)   --listen--          FE80::1          4500   0   0 2020011   0 
Router#

ipv6 router ospf 1
 router-id 192.168.0.1
 area 10 authentication ipsec spi 1000 md5 1234567890ABCDEF1234567890ABCDEF
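
An audit check for the condition described above, added here as an example and not part of the Cisco bug record: it parses "show udp" output for listeners on UDP 500/4500 and reports them when the configuration has no IKE section. The function names and the "crypto isakmp"/"crypto ikev2" heuristic are assumptions of this example; the sample inputs are constructed from the output and configuration quoted above.

```python
import re

ISAKMP_PORTS = {500, 4500}  # the two ISAKMP ports named in the bug

# Constructed sample: the "show udp" output quoted in the bug description.
SAMPLE_UDP = """\
Proto        Remote      Port      Local       Port  In Out  Stat TTY OutputIF
 17     0.0.0.0             0 --any--         18999   0   0    11   0
 17       --listen--          --any--           500   0   0 2001011   0
 17(v6)   --listen--          FE80::1           500   0   0 2020011   0
 17       --listen--          --any--          4500   0   0 2001011   0
 17(v6)   --listen--          FE80::1          4500   0   0 2020011   0
"""

# Constructed sample: the OSPFv3 configuration from the bug (key shortened).
SAMPLE_CONFIG = """\
ipv6 router ospf 1
 router-id 192.168.0.1
 area 10 authentication ipsec spi 1000 md5 <key>
"""

# A listening UDP socket: protocol 17, optional "(v6)", "--listen--", local, port.
LISTEN_RE = re.compile(
    r"^\s*17(?P<v6>\(v6\))?\s+--listen--\s+(?P<local>\S+)\s+(?P<port>\d+)\s")

def isakmp_listeners(show_udp):
    """Return (family, local_addr, port) for each listener on UDP 500/4500."""
    hits = []
    for line in show_udp.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m["port"]) in ISAKMP_PORTS:
            family = "ipv6" if m["v6"] else "ipv4"
            hits.append((family, m["local"], int(m["port"])))
    return hits

def uses_ike(running_config):
    """Assumed heuristic: top-level IKE configuration justifies the listeners."""
    return any(re.match(r"crypto (isakmp|ikev2) ", line)
               for line in running_config.splitlines())

def unexpected_isakmp(show_udp, running_config):
    """Listeners on the ISAKMP ports that the configuration does not explain."""
    return [] if uses_ike(running_config) else isakmp_listeners(show_udp)

if __name__ == "__main__":
    for family, local, port in unexpected_isakmp(SAMPLE_UDP, SAMPLE_CONFIG):
        print(f"unexpected ISAKMP listener: {family} {local} udp/{port}")
```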