Cisco Bug: CSCvu05306 - After rekey, IPSec SA Pkts count not reset with IKEv2 SA re-establishment triggered by peer

Last Modified

Jun 04, 2020

Products (1)

  • Cisco ASR 5000 Series

Known Affected Releases

21.19.0, 21.19.0.75531, 21.19.n1

Description (partial)

Symptom:
The values of the IPSec SA Encrypted and Decrypted Packets counters, shown in the output of the CLI command 'show crypto ipsec security-associations', may not match between IPSec peers under specific circumstances.

Conditions:
This issue is seen when an IPSec SA has rekeyed earlier and an IKEv2 SA re-establishment is then triggered from the peer side. The counters should be reset on both sides, but they are reset only on the peer side. The local counters are not reset, so they show a higher count.