Cisco IOS Software Release 12.4(23)
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(7e)
This issue is triggered by a logic error when processing extended communities on the PE device.
This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these vulnerabilities. Workarounds that
mitigate these vulnerabilities are available.
This advisory is posted at
• CSCse04037
Symptoms: A ping or a Telnet connection from an inside gateway to an outside gateway through a
router that is configured for NAT may fail because of an error in the NAT table lookup process.
Conditions: This symptom is observed on a Cisco router when the preserve-port keyword is not
configured in the ip nat service command and occurs whether or not NAT Overload is configured.
Workaround: There is no workaround.
• CSCsf20947
Symptoms: A default route that is defined by the neighbor default-originate command may be
ignored by the BGP neighbor.
Conditions: This symptom is observed on a Cisco router after a route flap in the network causes the
default route to be relearned.
Workaround: Manually clear the BGP neighbor to enable the router to correctly relearn the default
route.
• CSCsg00860
Symptoms: Enabling NAT outside on the public interface terminates the VPN connection as
GRE over IPsec. An inbound ACL applied on the public interface starts to drop decrypted GRE traffic.
Conditions: This symptom has been observed with the use of IP NAT outside on the public VPN
interface.
Workaround: There are two workarounds:
1. Configure NAT translations for all traffic, to force NAT processing on the packet even if no
address will actually be translated. Example:
ip nat inside source static 171.16.68.5 171.16.68.5
It is not a scalable workaround but may work for some deployments.
2. Configure an additional ACL entry in the inbound access-list to permit the incoming GRE
traffic.
• CSCsh80678
Symptoms: New or flapping IGP routes may be injected into BGP even though no corresponding
network statements exist.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(22) or a
later release when the auto-summary command is enabled for BGP.
Workaround: Enter the no auto-summary command.
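The configuration conditions described above for CSCsg00860 and CSCsh80678 can be checked offline against a saved running-config. The following Python audit is an added example, not Cisco code: the sample configuration, interface and ACL names, and addresses are constructed, and it assumes that an enabled auto-summary appears as an `auto-summary` line under `router bgp`.

```python
import re

# Constructed sample running-config (not taken from the release notes).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group OUTSIDE-IN in
 ip nat outside
 crypto map VPN
!
router bgp 65000
 auto-summary
 neighbor 192.0.2.2 remote-as 65001
!
ip access-list extended OUTSIDE-IN
 permit esp any host 192.0.2.1
 permit udp any host 192.0.2.1 eq isakmp
 deny ip any any
"""

def sections(config):
    """Map each top-level config line to the list of its indented child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def acl_entries(secs, name):
    """Entries of a named extended ACL or a numbered `access-list N ...` ACL."""
    named = secs.get(f"ip access-list extended {name}", [])
    numbered = [h.split(None, 2)[2] for h in secs if h.startswith(f"access-list {name} ")]
    return named + numbered

def audit(config):
    """Return (caveat id, location) pairs for config matching the caveat conditions."""
    secs, findings = sections(config), []
    for head, body in secs.items():
        if head.startswith("router bgp") and "auto-summary" in body:
            findings.append(("CSCsh80678", head))
        if head.startswith("interface") and "ip nat outside" in body:
            # Simplification: only an explicit `permit gre` counts; entry order is not evaluated.
            for m in filter(None, (re.fullmatch(r"ip access-group (\S+) in", l) for l in body)):
                if not any(re.match(r"(\d+ )?permit gre ", e) for e in acl_entries(secs, m.group(1))):
                    findings.append(("CSCsg00860", f"{head} acl {m.group(1)}"))
    return findings
```

A finding for CSCsg00860 means the inbound ACL on a NAT outside interface has no explicit GRE permit (workaround 2); a finding for CSCsh80678 means the `no auto-summary` workaround has not been applied.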
Miscellaneous
• CSCei49231
Symptoms: A router may crash when a large number of calls passes through an E1 CAS link.