Guest

Preview Tool

Cisco Bug: CSCvu35075 - IPSec SA rekey happens only if 'keepalive' is also configured

Last Modified

Jun 04, 2020

Products (1)

  • Cisco ASR 5000 Series

Known Affected Releases

21.19.n1.75794 21.19.n2 21.19.n2.75942

Description (partial)

Symptom:
IPSec rekey is not triggered at the expiry of soft lifetime (10 sec before the lifetime expiry). Instead, at the expiry of  hard lifetime, both IKE and IPSec get re-established.

Conditions:
IPSec rekey is configured, but keepalive is not configured under crypto map -> payload

    crypto map <map name> ikev2-ipv4
      payload <payload name> match ipv4
        ipsec transform-set list <IPSec TS Name>
        lifetime <lifetime value in sec>
        rekey
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.