Cisco Cisco IOS Software Release 12.4(4)T
1053
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(11)T1
•
CSCsh07199
Symptoms: With a Cisco C7200-VSA card present in a Cisco 7200, Crypto sessions may not form
for an extended period of time after reboot If the debug crypto isa command is enabled, the
following message will appear in the logs until the Cisco C7200-VSA card has completed its boot
process "ISAKMP (0): Unable to generate DH phase I values!"
for an extended period of time after reboot If the debug crypto isa command is enabled, the
following message will appear in the logs until the Cisco C7200-VSA card has completed its boot
process "ISAKMP (0): Unable to generate DH phase I values!"
Conditions: This symptom has been observed when the router has a large number of IPSEC tunnels
configured. The symptom is that the crypto card does not complete its boot process for an extended
period of time. The router logs will contain the message "VSA OIR DONE" when the crypto card
has finished booting.
configured. The symptom is that the crypto card does not complete its boot process for an extended
period of time. The router logs will contain the message "VSA OIR DONE" when the crypto card
has finished booting.
Workaround: Shut the router’s interfaces and allow the crypto card to finish booting before enabling
the interfaces.
the interfaces.
•
CSCsh11868
Symptoms: In a dial backup scenario with backup ezvpn over an async or dialer interface, ezvpn
fails to kickoff the async or dialer interface. Hence, dial backup ezvpn can not be brought up.
fails to kickoff the async or dialer interface. Hence, dial backup ezvpn can not be brought up.
Initial IKE request packet itself is dropped with the following error:
*Oct 5 07:39:22.187: EZVPN(backup): New State: READY
*Oct 5 07:39:22.187: EZVPN(backup): Current State: READY
*Oct 5 07:39:22.187: EZVPN(backup): Event: CONNECT
*Oct 5 07:39:22.187: EZVPN(backup): No state change
*Oct 5 07:39:22.187: ISAKMP:(0):receive null address from sa_req (local 0.0.0.0,
remote 10.175.161.41)
*Oct 5 07:39:22.191: ISAKMP: Error while processing SA request: Failed to initialize
SA
*Oct 5 07:39:22.191: ISAKMP: Error while processing KMI message 0, error 2.
*Oct 5 07:40:03.551: ISAKMP:(2018):purging SA., sa=841CC6D0, delme=841CC6D0
Conditions: This symptom has been observed in a dial backup scenario with backup ezvpn over an
async or dialer interface.
async or dialer interface.
Workaround: There is no workaround.
•
CSCsh13746
Symptoms: Packets are dropped if the tunnel route-via interface command is configured on the
tunnel interface.
tunnel interface.
Conditions: This symptom has been observed with the tunnel protection command and tunnel
route-via command configured on the tunnel interface.
route-via command configured on the tunnel interface.
Workaround: There is no workaround.
•
CSCsh31605
Symptoms: In a dial backup scenario with backup ezvpn over an async or dialer interface, EzVPN
fails to kickoff the async or dialer interface intermittently. Hence, dial backup ezvpn can not be
brought up always, it works intermittently.
fails to kickoff the async or dialer interface intermittently. Hence, dial backup ezvpn can not be
brought up always, it works intermittently.
IKE request packet in failure cases is dropped with the following error:
*Oct 5 07:39:22.187: EZVPN(backup): New State: READY
*Oct 5 07:39:22.187: EZVPN(backup): Current State: READY
*Oct 5 07:39:22.187: EZVPN(backup): Event: CONNECT
*Oct 5 07:39:22.187: EZVPN(backup): No state change
*Oct 5 07:39:22.187: ISAKMP:(0):receive null address from sa_req (local 0.0.0.0,
remote 10.175.161.41)
*Oct 5 07:39:22.191: ISAKMP: Error while processing SA request: Failed to initialize
SA
*Oct 5 07:39:22.191: ISAKMP: Error while processing KMI message 0, error 2.
*Oct 5 07:40:03.551: ISAKMP:(2018):purging SA., sa=841CC6D0, delme=841CC6D0