cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
940
Views
0
Helpful
2
Replies

ASA 5580 random "Phase 2 rekey collision"

anton.samets
Level 1
Level 1

Hello, guys!

I have very annoying  bug, that makes me cry.

Configuration is simple, from one side ASA 5580 with soft asa844-5-smp-k8.bin, from another side: ASA 5520 with asa845-k8.bin.

Between them is builded IPsec LAN-to-LAN.

Usually it works fine, but:    In random time I can get  error in logs something like that

on ASA 5520:   %ASA-5-713904: Group = x.x.x.200, IP = x.x.x.200, Phase 2 rekey collision, found centry 0x6cec9d28

or on ASA 5580:   %ASA-5-713904: Group = x.x.x.234, IP = x.x.x.234, Phase 2 rekey collision, found centry 0x00007ffe782dfa60

The main problem that if this error is occured on 5520 - all continues to work (only this message is appear in log).

If this problem occured on 5580 - tunnel stopped his work. One thing that helps - it is drop crypto SA (clear crypto ikev1 sa x.x.x.234), after that tunnel reinitialized and all starts work again.

As far as I know, this problem was on 5520 to version 8.4.2 and was solved in 8.4.3. But, as you see, in version for 5580 (-smp) this bug is still present in newer versions.

Can somebody help me with this bug? Maybe someone can check sources for ASA software for this error? It's very annoying bug, because it's hard to reproduce and appear once or twice at month.

2 Replies 2

conleya
Level 1
Level 1

Do you have the Cisco bug ID for this issue?  I am seeing this behavior also on version 8.2, and would like to see if there is a fix in the 8.2 train.  We don't have the memory to go to 8.4.3.

Right now I have a dialog with guys from Cisco. Right now they are waiting for "happens one more time", we're setupped extended logging and waiting then tunnel will be down.

So right now there is no cisco bug id for this case.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: