Guest

Preview Tool

Cisco Bug: CSCvs25682 - GETVPN: IpsecInvalidSA drops are seen on ESP200X/ESP100X after %LOGGER-6-DROPPED: message

Last Modified

Aug 25, 2020

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

17.1.1

Description (partial)

Symptom:
When GETVPN is configured with TBAR on a router with ESP100x and ESP200x and there is enough traffic for the IPSEC sequence number space to wrap around, traffic is dropped because of InvalidSA

Conditions:
GETVPN and TBAR is configured. The issue is more easily seen on ESP100x and ESP200x because the sequence number space wraps around faster here.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.