This issue is documented in Cisco bug ID CSCsc44772.
A Cisco 1700 with a VPN module (MOD1700-VPN) faces problems in a specific Dynamic Multipoint VPN (DMVPN) environment. At a certain point, the hardware module becomes stuck. This problem occurs in Cisco IOS Software Releases 12.4(5.5)T and 12.4(5).
Software encryption does not have any problems.
After a reboot (with hardware encryption enabled), the Enhanced Interior Gateway Routing Protocol (EIGRP) neighborships come up fine for a short while. After a certain time (within a minute), the 1721 stops forwarding traffic. The encaps/decaps counters of the IPsec tunnel no longer increment in the show crypto ipsec sa command, and the EIGRP tunnels go down.
If hardware encryption is then disabled, all works fine.
If hardware encryption is re-enabled, error messages such as these are received:
Router(config)#crypto engine accelerator
...switching to HW crypto engine
kthulu(config)#
Nov 9 09:57:13.429: %VPN_HW-6-INFO_LOC: Crypto engine: em 3 State changed to: Enabled
Nov 9 09:57:13.457: %C1700_EM-1-ERROR: control error: unknown error 0x1048
Nov 9 09:57:13.457: IPSECcard: an error coming back 0x1048
Nov 9 09:57:13.481: IPSECcard: an error coming back 0x1048
Nov 9 09:57:13.485: IPSECcard: an error coming back 0x1048
...
Nov 9 09:57:14.457: %C1700_EM-1-ERROR: control error: unknown error 0x1048
For a workaround, enable software encryption by issuing the no crypto engine accelerator command.
This issue is fixed in Cisco IOS Software Releases 12.4(5.13), 12.4(05a), and 12.4(5.13)T. An upgrade is also suggested.
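To spot this condition in collected router logs, the following added example (not Cisco's code) flags a hardware crypto engine enable event that is followed by a burst of the control errors shown above. The function names, the 5-second window and the threshold of 3 errors are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines copied from the output shown above (the page's elided lines stay omitted).
SAMPLE_LOG = """\
Nov 9 09:57:13.429: %VPN_HW-6-INFO_LOC: Crypto engine: em 3 State changed to: Enabled
Nov 9 09:57:13.457: %C1700_EM-1-ERROR: control error: unknown error 0x1048
Nov 9 09:57:13.457: IPSECcard: an error coming back 0x1048
Nov 9 09:57:13.481: IPSECcard: an error coming back 0x1048
Nov 9 09:57:13.485: IPSECcard: an error coming back 0x1048
Nov 9 09:57:14.457: %C1700_EM-1-ERROR: control error: unknown error 0x1048
"""

LINE_RE = re.compile(r"^\*?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): (.*)$")
ENABLED_RE = re.compile(r"%VPN_HW-6-INFO_LOC: Crypto engine: .* State changed to: Enabled")
ERROR_RE = re.compile(
    r"(?:%C1700_EM-1-ERROR: control error|IPSECcard: an error coming back).* (0x[0-9A-Fa-f]+)$")


def parse(log):
    """Yield (timestamp, message) per timestamped line; prompts and other text are skipped."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # The log carries no year; 2000 is a placeholder so date arithmetic works.
            yield datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f"), m.group(2)


def find_stuck_engine(log, window=timedelta(seconds=5), threshold=3):
    """Report each hardware-engine enable followed by >= threshold errors inside window.

    window and threshold are assumed tuning values, not figures from the bug report.
    """
    events, current = [], None
    for ts, msg in parse(log):
        if ENABLED_RE.search(msg):
            current = {"enabled_at": ts, "codes": Counter()}
            events.append(current)
        elif current and ts - current["enabled_at"] <= window:
            m = ERROR_RE.search(msg)
            if m:
                current["codes"][m.group(1).lower()] += 1
    return [e for e in events if sum(e["codes"].values()) >= threshold]


if __name__ == "__main__":
    for e in find_stuck_engine(SAMPLE_LOG):
        print(e["enabled_at"].strftime("%b %d %H:%M:%S"), dict(e["codes"]))
```

A match means the router should stay on software encryption (the workaround above) until it runs a fixed release.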