This issue is due to the presence of Cisco bug ID CSCsd50841.
When 800 series routers run with CPU over 50 percent, traffic can stop after one or more IPsec rekeys. When this happens, Packets Dropped and Invalid Flow Error counters increment in the crypto accelerator statistics. Use the show crypto engine accelerator statistic command in order to view these counters.
This issue occurs on 870 routers when the IPsec flow ID value reaches 40 and on 1800 routers when the flow ID reaches 300. Most often, the main outbound Security Association (SA) does not pass traffic.
Note: This issue is first found in Cisco IOS Software Release 12.4(6)T.
For temporary workaround:
Clear the IPsec SAs. Use the clear crypto sacommand in order to restart traffic orset a longer IPsec rekey interval.
For permanent workaround:
In order to completely resolve this issue, download the latest code. With Cisco, the number of images and releases is reduced, which makes it easier to choose the right release.
We are on ISE 2.4 and have configured AD <> ISE integration using WMI (to get information of AD users) Some providers suddenly went offline for no reason, we had to manually add back integration Is there a way to set an email alertin...
Hello, I recently tried to upgrade my ESA (virtual appliance) from 13.5.3-010 release to the latest GD release 184.108.40.2062/Once i download the stuff, and try to install , few seconds after i have the following kind of error (attached an extract) ...
For some reason the router does not recognise “AnyConnect-eap” command at all? it’s a 2921 15.2 iOS and has securityk9 and base? I can only use “eap query-identity”? does this only work on IOS-XE?I’m in process of setting up flexVPN remote ...
We have an ongoing issue where users (not admins) lose access to some network drives while connected via vpn. Access to the drives may come back without any warning, much in the same way the access is lost - no telltale signs that connectivity has b...