Cisco Bug: CSCvu26854 - Multiple Issues After Upgrade Without Switchover With IPSec Enabled Until IPTables Restarted

Last Modified

Oct 16, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(2.10000.5) 11.5(1.10000.6)

Description (partial)

When an upgrade is performed without a switch version, the upgrade completes successfully, but many ports on the active version are blocked, leaving various services unreachable. The following issues have been observed as a result:

1. Subscriber upgrades fail
2. GUI / Tomcat webapps inaccessible (including web pages, AXL, UDS, etc.)
3. TFTP inaccessible
4. If phones are reset, they won't re-register

SSH access still works, so the workaround listed below can be performed without issue.

This has been seen on systems with IPSec enabled, in both FIPS and non-FIPS modes. It only happens when upgrades are performed without automatic switch version. If the switch version is done as part of the upgrade, no issues are seen.

Bug details contain sensitive information and therefore require an account to be viewed.
