Cisco Bug: CSCvs35341 - Add more useful logs to help troubleshoot IPSEC SA failures

Last Modified

Sep 02, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.9.4

Description (partial)

Symptom:
Enhancement defect to add more useful logs to help troubleshoot IPSEC SA failures.

When an IPSEC SA failure occurs, the system reloads without leaving a UCODE core file. The tracelogs also save very little relevant information about why the SA creation failed. There is a log that says a resource issue occurred, but it doesn't clarify whether the cause was low processor memory, low system memory, or a full table such as the crypto ELI. We need more alerts when something is failing. Here are a few things we would like to address or try to address:

1) Add an alert that warns you if the Crypto ELI table (show crypto eli) is full or getting close to being full.

2) Add additional logs that will provide more information that can be useful in troubleshooting SA Creation failures.

3) When a resource issue occurs, be more specific about what resource has actually been consumed resulting in the crash.

Conditions:
None