11-27-2007 04:42 PM
Hi,
I have added a really simple EEM script to my routers to reset the GDOI VPN following a rekey failure. It looks like this:
event manager applet reset-gdoi
 event syslog occurs 2 pattern "%CRYPTO-4-RECVD_PKT_NOT_IPSEC:"
 action 1 cli command "enable"
 action 2 cli command "clear crypto gdoi"
 action 3 syslog msg "GDOI failure - resetting VPN"
The issue I have is that when this policy executes (perfectly successfully), the NEXT time I connect to the router via the VTY line I get something like this:
Username:^@
I.e. the login prompt is populated with random characters!
Any ideas?
Cheers,
Martin
11-27-2007 07:29 PM
Please post a show ver from this device.
11-27-2007 07:32 PM
#sh ver
Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(11)T1, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 25-Jan-07 10:15 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YH6, RELEASE SOFTWARE (fc1)
ar1-1999 uptime is 1 week, 1 day, 20 hours, 39 minutes
System returned to ROM by bus error at PC 0x818D80EC, address 0x818D80EC at 17:29:24 aesdt Mon Nov 19 2007
System restarted at 17:32:36 aesdt Mon Nov 19 2007
System image file is "flash:c180x-advipservicesk9-mz.124-11.T1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 1801 (MPC8500) processor (revision 0x400) with 111616K/19456K bytes of memory.
Processor board ID FCZ101110J1, with hardware revision 0000
9 FastEthernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
(I realise it is a buggy IOS, but to date has not caused us any grief :) )
11-27-2007 11:02 PM
I don't see a bug for this, but the problem is fixed in 12.4(15)T. I had noticed a similar symptom a while ago where I would get three login prompts following the execution of an applet. While I can still reproduce this using your applet in 12.4(11)T, I can no longer reproduce it in 12.4(15)T. If you need a bug for this, I suggest you open a TAC service request.
11-28-2007 02:36 PM
Hi,
Thanks for confirming the issue. At least I know I was not imagining it.
Provided the 12.4(15) release gives me full support for the GET VPN I will look at deploying it. I will definitely lab it up.
In the meantime, the prospect of rolling out a new IOS to 210 routers with only 32mb of flash is daunting :)