Cisco IOS Software Release 12.2(14)S

Release Notes for Cisco 7000 Family for Cisco IOS Release 12.2(14)SU
OL-5458-01 B0
  Caveats
%CRYPTO_HA-3-IPSECADDENTRYFAIL: (VIP=80.0.0.200) IPSEC SA entry insertion on standby device failed
Condition: This occurs when Quality of Service (QoS) is enabled and 64-byte packets of voice
data are being sent. The problem may occur at rekey time; no failover attempt is needed to
trigger it.
Workaround: Do not send small packets.
CSCed31869
Symptom: During rekey, the following Invalid Packet message may appear:
%VPN_HW-1-PACKET_ERROR: slot: 6 Packet Encryption/Decryption error, Invalid Packet
Condition: The problem may occur at rekey time; no failover attempt is needed to trigger it.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(14)SU
This section describes caveats that have been resolved by Cisco IOS Release 12.2(14)SU.
CSCdt38138
Symptom: A Cisco 7200 series router configured for IPSec may reboot with a bus error. This occurs
in rare circumstances because of a race condition. Reloading the router often allows operations
to continue until the code is upgraded.
Workaround: There is no workaround.
CSCdu14815
Symptoms: In a multiple crypto peer and tunnel environment, packets may be encrypted with the 
wrong security associations and delivered to the wrong peers. This symptom may coincide with the 
following error on the unintended crypto peers:
%CRYPTO-4-RECVD_PKT_INV_IDENTITY: identity doesn’t match negotiated identity 
Conditions: This symptom is observed if the encryption router is a Cisco 7100 series or a
Cisco 7200 series that is configured with an Integrated Service Adapter (ISA), an Integrated Service
Module (ISM), a Virtual Private Network (VPN) Acceleration Module (VAM), or an IP Security
(IPSec) accelerator module, and that is running Cisco Express Forwarding (CEF) switching.
Workaround: Use fast switching instead of CEF switching.
CSCdu27522
Symptoms: A simple Data Encryption Standard (DES) encryption mechanism is needed to set a
configuration password.
Workaround: A configuration password can be set using:
key config-key encrypted-password <minimum 8 chars password>
This password is stored in private NVRAM and cannot be viewed. The same password should be
used for DES encryption (and subsequent decryption).
Note
This DDTS has been incorporated in Cisco IOS Release 12.2(14)SU as a feature.