
The interface ACL is processed twice for IPSec traffic on the router, and the router cannot pass traffic


Wed, 07/22/2009 - 19:52
Jun 22nd, 2009

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsc43461.

This problem occurs on a Cisco IOS router running Cisco IOS Interim Software Release 12.4(3.9)T7 or later configured for IPSec, where the crypto interface has an input Access Control List (ACL) that does not explicitly permit traffic for the inner data packets (what is encapsulated within IPSec).

In this scenario, a Cisco IOS router configured for IPSec can drop every other packet.


Resolution

As a workaround, perform either of these steps:


  • Do not configure the IPSec, and explicitly allow inner data packets to be encapsulated by IPSec.

  • Download and upgrade to these Cisco IOS versions:

      • 12.4(5.8)T

      • 12.4(4)T01
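The input ACL condition described under Core issue, next to the form that explicitly permits the inner packets, as an added configuration example that is not part of the original document. The peer addresses, protected subnets, ACL names, interface and crypto map name are all constructed assumptions.

```cisco
! Constructed example; every address and name below is an assumption.
!   IPSec peers:      192.0.2.1 (remote)      -> 198.51.100.1 (this router)
!   Inner traffic:    10.1.1.0/24 (remote LAN) -> 10.2.2.0/24 (local LAN)
!
! Input ACL that matches the Core issue: only the IPSec envelope
! (ISAKMP and ESP between the peers) is permitted. When the ACL is
! evaluated again against the decapsulated packet, the inner
! 10.1.1.0/24 -> 10.2.2.0/24 flow falls through to the deny.
ip access-list extended OUTSIDE-IN-BEFORE
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 permit esp host 192.0.2.1 host 198.51.100.1
 deny   ip any any log
!
! Workaround form: the inner flow is permitted explicitly. The permit
! is kept as narrow as the protected subnets rather than "permit ip any any".
ip access-list extended OUTSIDE-IN-FIXED
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 permit esp host 192.0.2.1 host 198.51.100.1
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 deny   ip any any log
!
! Crypto interface with the input ACL applied (crypto map VPN-MAP is
! assumed to be defined elsewhere in the configuration).
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN-FIXED in
 crypto map VPN-MAP
```

The per-entry match counters in `show access-lists OUTSIDE-IN-FIXED` show whether the inner-traffic permit or the final deny is being hit.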


 

 


