02-26-2013 12:11 AM
Hello, guys!
I have a very annoying bug that makes me cry.
The configuration is simple: on one side, an ASA 5580 with software asa844-5-smp-k8.bin; on the other side, an ASA 5520 with asa845-k8.bin.
An IPsec LAN-to-LAN tunnel is built between them.
Usually it works fine, but at random times I get an error in the logs, something like this:
on ASA 5520: %ASA-5-713904: Group = x.x.x.200, IP = x.x.x.200, Phase 2 rekey collision, found centry 0x6cec9d28
or on ASA 5580: %ASA-5-713904: Group = x.x.x.234, IP = x.x.x.234, Phase 2 rekey collision, found centry 0x00007ffe782dfa60
The main problem is that if this error occurs on the 5520, everything continues to work (only this message appears in the log).
If this problem occurs on the 5580, the tunnel stops working. The one thing that helps is to drop the crypto SA (clear crypto ikev1 sa x.x.x.234); after that the tunnel is reinitialized and everything starts working again.
As far as I know, this problem existed on the 5520 up to version 8.4.2 and was solved in 8.4.3. But, as you see, in the version for the 5580 (-smp) this bug is still present in newer versions.
Can somebody help me with this bug? Maybe someone can check the ASA software sources for this error? It's a very annoying bug, because it's hard to reproduce and appears once or twice a month.
03-18-2013 07:07 AM
Do you have the Cisco bug ID for this issue? I am seeing this behavior also on version 8.2, and would like to see if there is a fix in the 8.2 train. We don't have the memory to go to 8.4.3.
03-18-2013 09:03 AM
Right now I have a dialog with the guys from Cisco. They are waiting for it to "happen one more time"; we've set up extended logging and are waiting until the tunnel goes down.
So right now there is no Cisco bug ID for this case.
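
An added example (not part of the thread and not Cisco code): a small Python parser that picks the %ASA-5-713904 rekey-collision message quoted above out of collected syslog and groups occurrences by peer, so a recurrence on the 5580 side is noticed when it happens. The timestamp prefix format and the sample lines using 192.0.2.x addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message body as quoted in the thread; the peer may be a real or redacted address.
COLLISION = re.compile(
    r"%ASA-5-713904: Group = (?P<group>[^,\s]+), IP = (?P<ip>[^,\s]+), "
    r"Phase 2 rekey collision, found centry (?P<centry>0x[0-9a-fA-F]+)")
# Assumption: lines may carry a "Mon DD YYYY HH:MM:SS" timestamp before the message.
STAMP = re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}")

def parse_collisions(lines):
    """Return one dict per 713904 line: peer, centry, ts (None if no timestamp)."""
    events = []
    for line in lines:
        m = COLLISION.search(line)
        if not m:
            continue
        s = STAMP.search(line[:m.start()])
        ts = None
        if s:  # collapse padding spaces before single-digit days, then parse
            ts = datetime.strptime(" ".join(s.group().split()), "%b %d %Y %H:%M:%S")
        events.append({"peer": m["ip"], "centry": m["centry"], "ts": ts})
    return events

def summarize(events):
    """Group collisions by peer: count, distinct centry values, last time seen."""
    out = defaultdict(lambda: {"count": 0, "centries": set(), "last": None})
    for e in events:
        s = out[e["peer"]]
        s["count"] += 1
        s["centries"].add(e["centry"])
        if e["ts"] and (s["last"] is None or e["ts"] > s["last"]):
            s["last"] = e["ts"]
    return dict(out)

# Constructed sample input; only the last line reuses the redacted form from the thread.
SAMPLE = [
    "Feb 26 2013 00:11:02: %ASA-5-713904: Group = 192.0.2.234, IP = 192.0.2.234, Phase 2 rekey collision, found centry 0x00007ffe782dfa60",
    "Feb 26 2013 00:11:05: unrelated line (constructed)",
    "Mar 18 2013 07:07:40: %ASA-5-713904: Group = 192.0.2.234, IP = 192.0.2.234, Phase 2 rekey collision, found centry 0x00007ffe782dfb10",
    "%ASA-5-713904: Group = x.x.x.200, IP = x.x.x.200, Phase 2 rekey collision, found centry 0x6cec9d28",
]

if __name__ == "__main__":
    for peer, s in summarize(parse_collisions(SAMPLE)).items():
        print(f"{peer}: {s['count']} collision(s), last seen {s['last']}")
```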