Preview Tool

Cisco Bug: CSCvu35075 - IPSec SA rekey happens only if 'keepalive' is also configured

Last Modified

Jun 04, 2020

Products (1)

  • Cisco ASR 5000 Series

Known Affected Releases

21.19.n1.75794 21.19.n2 21.19.n2.75942

Description (partial)

IPSec rekey is not triggered at the expiry of soft lifetime (10 sec before the lifetime expiry). Instead, at the expiry of  hard lifetime, both IKE and IPSec get re-established.

IPSec rekey is configured, but keepalive is not configured under crypto map -> payload

    crypto map <map name> ikev2-ipv4
      payload <payload name> match ipv4
        ipsec transform-set list <IPSec TS Name>
        lifetime <lifetime value in sec>
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.