Cisco Bug: CSCvu33094 - Serviceability: provide better feedback when crypto HW is missing and IPSec SDWAN is setup

Last Modified

May 28, 2020

Products (1)

  • Cisco XE SD-WAN Routers

Known Affected Releases

17.2.1

Description (partial)

Symptom:
All BFD tunnels show as down

Conditions:
On modular routers where the IPSec hardware is optional (like ASR1001HX-IPSECHW), the cEdge accepts an SDWAN configuration with IPSec encapsulation, but only the control tunnels come up and all BFD sessions remain down.
There is no clear indication that the data plane is rejecting the tunnel SAs, etc., due to the lack of crypto hardware.

In the device logs, it is possible to find multiple object creations for the SDWAN overlay NH being delayed (pending-issue) and, at boot time, a crypto HW device not found error, but for the user there is no clear indication of why this failed.
This bug is only to get a better error report, either by rejecting IPSec encapsulation for overlay tunnels or by raising some other error at run time, beyond a "BFD down" scenario.