Cisco CSR1000v always send Traffic selectors 0.0.0.0/0 - 0.0.0.0/0 with IKEv1 when acting as initiat...

gjindal · ‎07-18-2017

Cisco CSR1000v always send Traffic selectors 0.0.0.0/0 - 0.0.0.0/0 with IKEv1

Can you let Cisco CSR 1000v team know that there is a issue when Cisco CSR 1000v acts as initiator in AWS cloud?
It sends 0.0.0.0/0 and 0.0.0.0/0 for SRC/DST Traffic selectors even if the configured Traffic selectors are specific i.e.
permit ip 10.0.0.0 0.0.255.255 10.150.150.0 0.0.0.255

crypto isakmp policy 10

encr aes

authentication pre-share

group 5

crypto isakmp key cisco address X.X.X.X

crypto isakmp nat keepalive 20

!

crypto ipsec transform-set TS esp-aes esp-sha-hmac

mode tunnel

!

crypto map cmap 10 ipsec-isakmp

set peer X.X.X.X

set transform-set TS

match address cryptoacl

!

interface GigabitEthernet1

ip address dhcp

negotiation auto

crypto map cmap

!

ip access-list extended cryptoacl

permit ip 10.0.0.0 0.0.255.255 10.150.150.0 0.0.0.255

The configurations is with crypto map and

Cisco CSR1000v always send Traffic selectors 0.0.0.0/0 - 0.0.0.0/0 with IKEv1 when acting as initiator