Cisco Cisco IOS Software Release 12.4(4)T
435
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(20)T4
•
CSCte34718
Symptoms: Network Time Protocol (NTP) may lose synchronization.
Conditions: This symptom is observed on a Cisco 871 router with board rev. C0.
Workaround: Revert to Cisco IOS Release 12.4(15)T3.
Resolved Caveats—Cisco IOS Release 12.4(20)T4
Cisco IOS Release 12.4(20)T4 is a rebuild release for Cisco IOS Release 12.4(20)T. The caveats in this
section are resolved in Cisco IOS Release 12.4(20)T4 but may be open in previous Cisco IOS releases.
section are resolved in Cisco IOS Release 12.4(20)T4 but may be open in previous Cisco IOS releases.
•
CSCsd77560
Symptoms: SNMPv3 “auth” and “priv” users are lost across reload.
Conditions: Occurs after a reload.
Workaround: There is no workaround.
•
CSCsg00102
Symptoms: SSLVPN service stops accepting any new SSLVPN connections.
Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections,
due to a vulnerability in the processing of new TCP connections for SSLVPN services. If “debug ip
tcp transactions” is enabled and this vulnerability is triggered, debug messages with connection
queue limit reached will be observed.
due to a vulnerability in the processing of new TCP connections for SSLVPN services. If “debug ip
tcp transactions” is enabled and this vulnerability is triggered, debug messages with connection
queue limit reached will be observed.
This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a
full fix CSCso04657 and CSCsg00102.
full fix CSCso04657 and CSCsg00102.
•
CSCsj17977
Symptoms: The GETVPN rekey fails. The following error message shows in the syslog:
%GDOI-3-GM_NO_IPSEC_FLOWS: IPSec FLOW limit possibly reached
The show crypto engine connections flow will show that all flows are used. For
hardware-accelerated platforms, use the show crypto eli command to see how many Phase IIs are
supported.
hardware-accelerated platforms, use the show crypto eli command to see how many Phase IIs are
supported.
Conditions: This problem is seen when the registration is not successful on a group member and then
the flow IDs allocated for that incomplete registration are not cleaned up.
the flow IDs allocated for that incomplete registration are not cleaned up.
Workaround: Reload the router, if the all the flow IDs are leaked.
•
CSCsk80396
Symptoms: Router crashes when jitter operation takes place.
Conditions: This crash is inconsistent and is seen while auto Ethernet operation is configured to
carry on jitter operation on an interface configured with no ethernet cfm enable.
carry on jitter operation on an interface configured with no ethernet cfm enable.
Workaround: There is no workaround.
•
CSCsl15443
Symptoms: Console port can lock up after 10-15 minutes. Telnet sessions fail.
Conditions: Occurs when terminal server is connected to router’s console port.
Workaround: There is no workaround.