Cisco Bug: CSCvt98599 - IKEv2 Call Admission Statistics "Active SAs" counter out of sync with the real number of sessions
Sep 17, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: On the ASA IKEv2 Call Admission Statistics "Active SAs" counter can go out of sync with the real number of IKEv2 sessions as shown by the "show vpn-sessiondb". When the CAC "Active SAs" counter reaches platform limit, new sessions cannot be established and the following syslog message is generated: %ASA-4-751015: Local:0.0.0.0:0 Remote:0.0.0.0:0 Username:Unknown IKEv2 SA request rejected by CAC. Reason: SA LIMIT REACHED Conditions: This can happen after a failover event and if Failover State link is down. All ASA versions are affected.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases