Cisco Bug: CSCvs25682 - GETVPN: IpsecInvalidSA drops are seen on ESP200X/ESP100X after %LOGGER-6-DROPPED: message
Aug 25, 2020
- Cisco ASR 1000 Series Aggregation Services Routers
Known Affected Releases
Symptom: When GETVPN is configured with TBAR on a router with ESP100x and ESP200x and there is enough traffic for the IPSEC sequence number space to wrap around, traffic is dropped because of InvalidSA Conditions: GETVPN and TBAR is configured. The issue is more easily seen on ESP100x and ESP200x because the sequence number space wraps around faster here.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases