Cisco Bug: CSCvu05306 - After rekey, IPSec SA Pkts count not reset with IKEv2 SA re-establishment triggered by peer
Jun 04, 2020
- Cisco ASR 5000 Series
Known Affected Releases
21.19.0 188.8.131.52531 21.19.n1
Symptom: Values of counters IPSec SA Encrypted and Decrypted Packets, shown in the output of CLI 'show crypto ipsec security-associations', may not match between IPSec peers, under specific circumstances. Conditions: This issue is seen when an IPSec SA had rekeyed earlier and there is an IKEv2 SA reestablishment triggered from the peer side. The counters should be reset on both the sides, but it is reset only on the peer side. Local counters are not reset, so they show a bigger count.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases