Guest

Preview Tool

Cisco Bug: CSCvv28667 - ISR 4k fails to install new IPSec SAs

Last Modified

Oct 14, 2020

Products (1)

  • Cisco 4000 Series Integrated Services Routers

Known Affected Releases

16.9.2

Description (partial)

Symptom:
Device enters trouble state where it can no longer install new IPSec SAs.  Debugs after the failure began occurring:

.Jul 20 14:43:17.578: ISAKMP-ERROR: (14965):IPSec Installation failed...
.Jul 20 14:43:17.578: ISAKMP-ERROR: (14965):deleting node 1039446135 error TRUE reason "IPSEC install failed"

The following may also be seen:

Jul 18 15:13:14: %FMFP-3-OBJ_DWNLD_TO_DP_STUCK: R0/0: fman_fp_image: AOM download of obj[53573] type[192] pending-issue Req-delete Issued-noneIPSEC: n2 sa 1.1.1.1.5353 to Data Plane is stuck for more than 1800 seconds
Jul 18 15:13:14: %FMFP-3-OBJ_DWNLD_TO_DP_STUCK: F0: fman_fp_image: AOM download of obj[53573] type[192] pending-issue Req-delete Issued-noneIPSEC: n2 sa 1.1.1.1.5353 to Data Plane is stuck for more than 1800 seconds
Jul 18 15:13:14: %FMFP-3-OBJ_DWNLD_TO_DP_STUCK: SIP0: fman_fp_image: AOM download of obj[53573] type[192] pending-issue Req-delete Issued-noneIPSEC: n2 sa 1.1.1.1.5353 to Data Plane is stuck for more than 1800 seconds

Conditions:
Version 16.9

DMVPN phase 1 with IKEv1 on ISR4k.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.