Cisco Bug: CSCvu08013 - DTLS v1.2 and AES-GCM cipher when used drops a particular size packet frequently.

Last Modified

Oct 05, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(3.9)

Description (partial)

Symptom:
DTLS v1.2 traffic of a certain length, destined to the ASA and using AES-GCM, isn't processed properly and is dropped on the ASA.

Packets of size 941 bytes before encryption, which are 1007 bytes after AnyConnect encapsulation in DTLSv1.2, are dropped.

Conditions:
ASA version 9.12(3)9
AnyConnect version 4.6+
The VPN tunnel negotiates DTLSv1.2 using AES-GCM.