Guest

Preview Tool

Cisco Bug: CSCvu30187 - IPsecInput/IPSEC_NOT_ENABLED drops for Inbound ESP traffic with Shared Tunnel Protection

Last Modified

Jun 22, 2020

Products (1)

  • Cisco 4000 Series Integrated Services Routers

Known Affected Releases

16.6.4 16.9.4 17.2.1r

Description (partial)

Symptom:
With listed conditions, after a reload, IPsec protected GRE tunnels will form IPsec and IKE, but inbound ESP traffic for at least one of the tunnels will be dropped.


IPsecInput drops seen in 'show platform hardware qfp active stat drop'
IN_US_V4_PKT_FOUND_IPSEC_NOT_ENABLED drops seen in 'show platform hardware qfp active feature ipsec data drop'

Conditions:
NAT-T
At least two GRE tunnels using the same tunnel source, same IPsec profile, and shared keyword (shared tunnel protection)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.