
CSCup37416 - Stale VPN Context entries cause ASA to stop encrypting traffic

Hi All,

Does anyone have a permanent fix for this issue? One of the customer VPN connections suddenly stops the traffic and the connection is lost. This is becoming a regular issue and would need a permanent fix immediately. My current firewall ISO is ASA Version 9.1(6).

Issue :

Stale VPN Context entries cause ASA to stop encrypting traffic

ASAs which had a working L2L VPN tunnel suddenly stop encrypting traffic.

The ASP table will show duplicate ASP entries and traffic is hitting an ASP entry
that is stale and the traffic for a particular SA is blackholed.


pjain2
Cisco Employee

Have you tried and disabled the data-based rekey?

gaskincharles
Level 1

Praveen

Did you ever find a permanent solution for this issue? I have a 5540 ASA code 9.1(7.16) that is experiencing duplicate sa entries in the asp tables. The only thing I can do is run the "clear crypto ipsec sa inactive" cmd to clear the duplicate sa.

Hi Praveen,

Cisco still doesn't have a release for fixing this issue. I have resolved the issue by failing over to the standby device and then reloading the primary one.

You can check the below bug search from Cisco

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve94917/?reffering_site=dumpcr

 

Regards,

Anumod