TCC_2
Level 10

Core issue

This problem is due to the presence of Cisco bug ID CSCsd48512.

In order for this issue to occur, the PIX Firewall must have VPN tunnels that terminate on an interface, and its peers must disconnect and then reconnect.

Note: One symptom of this problem is that the Missing SA failures field in the output of the show ipsec stat command increments:

fw# show ipsec stat

IPSec Global Statistics
-----------------------
Active tunnels: 758
Previous tunnels: 851185
Inbound
Bytes: 2889705611
Decompressed bytes: 2889705611
Packets: 101359204
Dropped packets: 1807
Replay failures: 6
Authentications: 101357399
Authentication failures: 1799
Decryptions: 101357399
Decryption failures: 0
Outbound
Bytes: 1655641563
Uncompressed bytes: 1656289143
Packets: 101505107
Dropped packets: 2472907
Authentications: 101682816
Authentication failures: 0
Encryptions: 101682816
Encryption failures: 0
Protocol failures: 0
Missing SA failures: 2472909
System capacity failures: 0
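
One way to check for this symptom from two captures of the command output, as an added example (not Cisco's code and not part of the original document): it parses the counters and reports how much Missing SA failures and outbound Dropped packets grew between captures. The function names and the second capture's values are constructed for illustration.

```python
import re

SECTIONS = ("Inbound", "Outbound")

def parse_ipsec_stat(text):
    """Return {(section, field): value} from 'show ipsec stat' output."""
    counters, section = {}, "Global"
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line  # field names such as 'Dropped packets' repeat per direction
            continue
        m = re.fullmatch(r"([A-Za-z ]+?):\s*(\d+)", line)
        if m:
            counters[(section, m.group(1))] = int(m.group(2))
    return counters

def field(counters, name, section=None):
    """Look a counter up by name; a section is needed only if the name repeats."""
    hits = [v for (s, n), v in counters.items()
            if n == name and section in (None, s)]
    if len(hits) != 1:
        raise KeyError(f"{name!r}: {len(hits)} matches, give a section")
    return hits[0]

def delta(before, after, name, section=None):
    """Growth between captures; a smaller 'after' is treated as a counter
    restart (for example after a reboot), so its value is the growth."""
    b, a = field(before, name, section), field(after, name, section)
    return a if a < b else a - b

def check(before_text, after_text):
    """Compare two captures and flag the symptom described in the note."""
    before, after = parse_ipsec_stat(before_text), parse_ipsec_stat(after_text)
    missing = delta(before, after, "Missing SA failures")
    dropped = delta(before, after, "Dropped packets", "Outbound")
    return {"missing_sa_delta": missing, "outbound_drop_delta": dropped,
            "symptom": missing > 0}

# Trimmed captures: only the fields the check reads.
TEMPLATE = ("Inbound\nDropped packets: 1807\nOutbound\n"
            "Dropped packets: {}\nMissing SA failures: {}\n")
SNAP_1 = TEMPLATE.format(2472907, 2472909)  # values from the output above
SNAP_2 = TEMPLATE.format(2473410, 2473412)  # constructed later capture

if __name__ == "__main__":
    print(check(SNAP_1, SNAP_2))
```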

Resolution

For a workaround, perform either of these steps:

  1. Reboot the PIX.

  2. Download and upgrade the software version to any of these versions:

    • 7.0(5)

    • 7.3(0.1)

    • 7.2(0.46)

    • 7.0(4.13)

    • 7.1(2.1)