This issue is due to the presence of Cisco bug ID CSCsd50841.
When 800 series routers run with CPU over 50 percent, traffic can stop after one or more IPsec rekeys. When this happens, Packets Dropped and Invalid Flow Error counters increment in the crypto accelerator statistics. Use the show crypto engine accelerator statistic command in order to view these counters.
This issue occurs on 870 routers when the IPsec flow ID value reaches 40 and on 1800 routers when the flow ID reaches 300. Most often, the main outbound Security Association (SA) does not pass traffic.
Note: This issue was first found in Cisco IOS Software Release 12.4(6)T.
For a temporary workaround:
Clear the IPsec SAs. Use the clear crypto sa command in order to restart traffic, or set a longer IPsec rekey interval.
For a permanent workaround:
In order to completely resolve this issue, download the latest code. With Cisco, the number of images and releases is reduced, which makes it easier to choose the right release.