Cisco Bug: CSCvu65669 - Traffic drop from branch overlay ping to service side without zp vpn1 to vpn1 when FW & IPS enabled

Last Modified

Sep 12, 2020

Products (1)

  • Cisco XE SD-WAN Routers

Known Affected Releases

17.2.1r

Description (partial)

Symptom:
The firewall is enabled in inspection mode from vrf 10 to the outside zone. The affected traffic has both its source and destination in vrf 10, and no firewall is enabled for this traffic. The scenario is as follows:

With only firewall --> All incoming/outgoing traffic works
With only IPS --> All incoming/outgoing traffic works
With firewall & IPS --> All incoming ICMP traffic drops with Firewall_policy.

Conditions:
All incoming traffic is dropped with Firewall_policy when the firewall is enabled from the VPNs to the outside zone.