Cisco Bug: CSCvs95052 - L2L IKEv2 IPSEC with integrity esp-sha512 - replies to SNMP queries to ASA inside over VPN not sent
Apr 20, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom:
SNMP queries over VPN to ASA inside IP freeze. E.g.

SNMPpoller---(inside)ASA1(public)---INET---(outside)ASA2(inside)

First few queries of:

    snmpwalk -On -v 2c -c <community> <ASA2 inside IP>

are passing fine, and then SNMP times out.

    snmpwalk -On -v 2c -c <community> <ASA2 inside IP>
    .22.214.171.124.126.96.36.199.0 = STRING: "Cisco Adaptive Security Appliance Version 9.8(2)20"
    .188.8.131.52.184.108.40.206.0 = OID: .220.127.116.11.18.104.22.168.2114
    .22.214.171.124.126.96.36.199.0 = Timeticks: (211300) 0:35:13.00
    Timeout: No Response from <ASA2 inside IP>

"show crypto ipsec sa" on ASA2 shows the "#send errors:" counter increasing. Dropped packets are not seen in "show asp drop" counters / captures.

Conditions:
L2L IKEv2 Integrity algorithm esp-sha512 used for IPSEC SA.
ASA queried with SNMP to inside interface from remote host over VPN.
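Because the drops do not show up in "show asp drop", the rising "#send errors:" counter is the observable to watch. The following is an added example, not Cisco's code: it compares two saved copies of "show crypto ipsec sa" output and reports the peers whose counter grew. The snapshot text, peer addresses and function names are constructed for illustration.

```python
import re

# Constructed, abbreviated snapshots in the style of ASA "show crypto ipsec sa"
# output; peer addresses (RFC 5737 ranges) and counter values are made up.
SNAPSHOT_T0 = """\
    Crypto map tag: outside_map, seq num: 10, local addr: 192.0.2.1
      current_peer: 198.51.100.7
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #send errors: 4, #recv errors: 0
    Crypto map tag: outside_map, seq num: 20, local addr: 192.0.2.1
      current_peer: 203.0.113.9
      #pkts encaps: 900, #pkts encrypt: 900, #pkts digest: 900
      #send errors: 0, #recv errors: 0
"""
# Second snapshot: only the first peer's send-error counter has moved.
SNAPSHOT_T1 = SNAPSHOT_T0.replace("#send errors: 4", "#send errors: 19").replace(
    "encaps: 900", "encaps: 950")

PEER_RE = re.compile(r"current_peer:\s*(\S+)")
SEND_ERR_RE = re.compile(r"#send errors:\s*(\d+)")

def send_errors_by_peer(text):
    """Return {peer: total '#send errors'} summed over all SAs of each peer."""
    totals, peer = {}, None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peer = m.group(1).rstrip(",")
            totals.setdefault(peer, 0)
            continue
        m = SEND_ERR_RE.search(line)
        if m and peer is not None:
            totals[peer] += int(m.group(1))
    return totals

def growing_send_errors(before, after):
    """Return {peer: delta} for peers whose counter rose between snapshots."""
    old, new = send_errors_by_peer(before), send_errors_by_peer(after)
    # A peer absent from the first snapshot is compared against zero; a counter
    # that went down (SA re-established) is not reported.
    return {p: n - old.get(p, 0) for p, n in new.items() if n > old.get(p, 0)}

if __name__ == "__main__":
    for peer, delta in growing_send_errors(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(f"{peer}: #send errors grew by {delta}")
```

A peer flagged here while SNMP polls to the remote ASA inside IP are timing out matches the symptom; the SA's integrity algorithm still has to be checked against the esp-sha512 condition.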