Guest

Preview Tool

Cisco Bug: CSCvs47019 - ZBF drops icmp tunnel traffic to and from the box

Last Modified

Dec 19, 2019

Products (1)

  • Cisco 3G Wireless WAN

Known Affected Releases

16.6.5

Description (partial)

Symptom:
ZBF on ASR 1000 running 16.6.5 with dmvpn  might drop icmp ping traffic 

When packet trace is taken we see that the packets that are dropped are just discarded after the ZBF Action is forward.

Conditions:
ZBF on ASR 1000 running IOS-XE 16.6.5 
DMVPN tunnel to cloud and this interface is added to zone based firewall

Do a continuous ping from the tunnel interface towards cloud and 1 in 450 packet is dropped

Do a continuous ping from a host behind the tunnel interface towards the cloud and same behavior is seen
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.