Guest

Preview Tool

Cisco Bug: CSCvu44708 - Vedge doesn't initiate an IKE negotiation, it sends a CREATE_CHILD_SA instead

Last Modified

Aug 31, 2020

Products (2)

  • Cisco vEdge Router
  • Cisco vEdge Router Model

Known Affected Releases

19.2.2

Description (partial)

Symptom:
In this scenario the tunnel (IPSEC150) goes down due to duplicate IKEv2 sa, Vedge does not start a new negotiation, but rather tries to negotiate new SPIs with a CREATE CHILD_SA.

May 25 17:21:56] is the timestamp when the Tunnel is already down due to duplicate sa and Vedges starts sending CREATE_CHILD_SA instead of a new negotiation.
----------------------------------------------------
Admin-tech files:
<- messages1 path var/log/messages1 in thew admin-tech is the file with the iked logs
<- debugs path var/log/tmlog/debug is the file with the ike debugs

Conditions:
Protocol: IKEv2
Remote peer: C1101

Duplicate IKEv2 sa
Tunnel goes down
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.