Cisco Bug: CSCvv44894 - Web traffic is not properly recognized by DPI

Last Modified

Sep 08, 2020

Products (1)

  • Cisco vEdge Router

Known Affected Releases

19.2.2

Description (partial)

Symptom:
DPI is not properly recognizing all the applications; because of this, we are not able to forward the desired traffic to the IPsec tunnel using service chaining.

from-vsmart data-policy _vpn1_DATA_POLICY
 direction from-service
 vpn-list vpn1
  sequence 1
   match
    source-ip 0.0.0.0/0
    app-list  Audio_Video
   action accept
    set
     dscp 36
  sequence 11
   match
    source-ip 0.0.0.0/0
    app-list  Web
   action accept
    count C-web
    set
     forwarding-class CD
     service netsvc2
     service local
  default-action accept

Within the DPI flows we see the following; the application is recognized as https:
vedge# show app dpi flows | tab

                                       Source Dest
VPN  Source IP        Destination IP   Port   Port   PROTOCOL  APPLICATION              FAMILY                ACTIVE SINCE               PACKETS  OCTETS
----------------------------------------------------------------------------------------------------------------------------------------------------------
1    x.x.x.x          x.x.x.x          5983   443    tcp       https                    Web                   2020-08-12T15:33:29+00:00  13       7677

Conditions:
vEdge version 19.2.2
vSmart version 19.2.2