Cisco Bug: CSCvt98599 - IKEv2 Call Admission Statistics "Active SAs" counter out of sync with the real number of sessions

Last Modified

Sep 17, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases


Description (partial)

On the ASA, the IKEv2 Call Admission Statistics "Active SAs" counter can go out of sync with the real number of IKEv2 sessions as shown by "show vpn-sessiondb". When the CAC "Active SAs" counter reaches the platform limit, new sessions cannot be established and the following syslog message is generated:

%ASA-4-751015: Local: Remote: Username:Unknown IKEv2 SA request rejected by CAC. Reason: SA LIMIT REACHED

This can happen after a failover event and if the Failover State link is down. All ASA versions are affected.
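
One way to spot this symptom in collected syslog, as an added example that is not from Cisco or from the original page: it counts the 751015 "SA LIMIT REACHED" rejections quoted above and flags them when the real session count (read by the operator from "show vpn-sessiondb") is below the platform limit. The timestamp prefix, hostname, addresses, thresholds and the limit of 250 are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Message ID and reason text as quoted in the bug description.
CAC_REJECT = re.compile(
    r"^(?P<ts>\S+) .*%ASA-4-751015: .*SA request rejected by CAC\. "
    r"Reason: SA LIMIT REACHED"
)

def cac_rejections(lines):
    """Return sorted timestamps of CAC 'SA LIMIT REACHED' rejections."""
    hits = []
    for line in lines:
        m = CAC_REJECT.search(line)
        if m:
            hits.append(datetime.fromisoformat(m.group("ts")))
    return sorted(hits)

def desync_suspected(lines, real_sessions, platform_limit,
                     window=timedelta(minutes=5), min_rejects=3):
    """Flag repeated limit rejections while the real session count
    is still below the platform limit (the symptom described above)."""
    if real_sessions >= platform_limit:
        return False  # limit genuinely reached; rejections are expected
    hits = cac_rejections(lines)
    start = 0
    for end, ts in enumerate(hits):
        while ts - hits[start] > window:  # slide window start forward
            start += 1
        if end - start + 1 >= min_rejects:
            return True
    return False

# Constructed sample log: ISO timestamps, RFC 5737 addresses, assumed hostname.
SAMPLE = [
    "2020-09-17T10:00:01 asa1 %ASA-4-751015: Local:192.0.2.1:500 Remote:198.51.100.7:500 Username:Unknown IKEv2 SA request rejected by CAC. Reason: SA LIMIT REACHED",
    "2020-09-17T10:00:30 asa1 %ASA-6-000000: constructed unrelated message",
    "2020-09-17T10:01:10 asa1 %ASA-4-751015: Local:192.0.2.1:500 Remote:198.51.100.8:500 Username:Unknown IKEv2 SA request rejected by CAC. Reason: SA LIMIT REACHED",
    "2020-09-17T10:02:05 asa1 %ASA-4-751015: Local:192.0.2.1:500 Remote:198.51.100.9:500 Username:Unknown IKEv2 SA request rejected by CAC. Reason: SA LIMIT REACHED",
]

if __name__ == "__main__":
    print(desync_suspected(SAMPLE, real_sessions=40, platform_limit=250))
```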