This issue is due to the presence of Cisco bug ID CSCsd50841.
When 800 series routers run with CPU over 50 percent, traffic can stop after one or more IPsec rekeys. When this happens, Packets Dropped and Invalid Flow Error counters increment in the crypto accelerator statistics. Use the show crypto engine accelerator statistic command in order to view these counters.
This issue occurs on 870 routers when the IPsec flow ID value reaches 40 and on 1800 routers when the flow ID reaches 300. Most often, the main outbound Security Association (SA) does not pass traffic.
Note: This issue is first found in Cisco IOS Software Release 12.4(6)T.
For temporary workaround:
Clear the IPsec SAs. Use the clear crypto sacommand in order to restart traffic orset a longer IPsec rekey interval.
For permanent workaround:
In order to completely resolve this issue, download the latest code. With Cisco, the number of images and releases is reduced, which makes it easier to choose the right release.
Couldn't find this anywhere, so made it myself, its a group that excludes all RFC1918 addressing and contains all other IPv4 addresses. It includes RFC3330 but I don't think that will concern most people. object-group network INTERNETnetwork-ob...
Is there a best practice around handling Cisco FlexConnect APs and their switchport configuration when doing profiling? Flex APs require commands relating to trunking and native VLAN etc. - which is different to the usual port template ...
Hello, Is there any keepalive mechanism between the switch and ISE. I need to know if there is a way which can enable the switch to know if ISE server is online and available at any particular time.The idea is that lets suppose we try to authenticate...
Hello Experts, I want to utilize existing hardware for Stealthwatch Enterprise deployment. We have UCS 5108 with B200 M5 Servers. I am following below link for the Virtual Server sizing: https://www.cisco.com/c/dam/en/us/td/docs/security/stealth...