Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CSCth29311 - Dynamic L2L Tunnels can replace Static RRI Routes

                   He need to help

https://tools.cisco.com/bugsearch/bug/CSCth29311

crypto map CRYPTO-DEFAULT 160 match address Azure-crypto
crypto map CRYPTO-DEFAULT 160 set peer 137.117.161.73
crypto map CRYPTO-DEFAULT 160 set transform-set ESP-AES-256-SHA
crypto map CRYPTO-DEFAULT 160 set security-association lifetime seconds 3600
crypto map CRYPTO-DEFAULT 160 set security-association lifetime kilobytes 102400000
crypto map CRYPTO-DEFAULT 160 set reverse-route

crypto map CRYPTO-DEFAULT 170 match address Realtech-crypto
crypto map CRYPTO-DEFAULT 170 set peer 93.90.21.245
crypto map CRYPTO-DEFAULT 170 set transform-set ESP-AES-256-SHA
crypto map CRYPTO-DEFAULT 170 set security-association lifetime seconds 3600
crypto map CRYPTO-DEFAULT 170 set reverse-route

      RSI-ASA1# sh ver

Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)

Compiled on Tue 05-May-09 22:45 by builders
System image file is "disk0:/asa821-k8.bin"
Config file at boot was "startup-config"

RSI-ASA1 up 7 days 3 hours
failover cluster up 7 days 3 hours

Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                           Boot microcode   : CN1000-MC-BOOT-2.00
                           SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                           IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0  : address is 0026.0b31.522e, irq 9
1: Ext: GigabitEthernet0/1  : address is 0026.0b31.522f, irq 9
2: Ext: GigabitEthernet0/2  : address is 0026.0b31.5230, irq 9
3: Ext: GigabitEthernet0/3  : address is 0026.0b31.5231, irq 9
4: Ext: Management0/0       : address is 0026.0b31.5232, irq 11
5: Int: Not used            : irq 11
6: Int: Not used            : irq 5

Licensed features for this platform:
Maximum Physical Interfaces  : Unlimited
Maximum VLANs                : 150
Inside Hosts                 : Unlimited
Failover                     : Active/Active
VPN-DES                      : Enabled
VPN-3DES-AES                 : Enabled
Security Contexts            : 2
GTP/GPRS                     : Disabled
SSL VPN Peers                : 100
Total VPN Peers              : 750
Shared License               : Disabled
AnyConnect for Mobile        : Disabled
AnyConnect for Linksys phone : Disabled
AnyConnect Essentials        : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions      : 2
Total UC Proxy Sessions      : 2
Botnet Traffic Filter        : Disabled

This platform has an ASA 5520 VPN Plus license.

Serial Number: JMX1337L26T
Running Activation Key: 0x9207c551 0x203587d4 0xd41345a0 0x894cc424 0x0d371c93
Configuration register is 0x1
Configuration last modified by enable_15 at 01:29:41.324 CET Thu Dec 19 2013

2 REPLIES
Community Member

CSCth29311 - Dynamic L2L Tunnels can replace Static RRI Routes

UPGRADE VERSION

El BUG está asociado a esta versión 8.2 (1) y tal como comenta Cisco en el workround habrá que remover y añadir  manual la Crypto map . Pero evidentemente no es la mejor solución lo cual el fabricante recomienda hacer un upgrade de la versión a la 8.4.7 ED.

Vitor Morais BT Spain

Cisco Employee

CSCth29311 - Dynamic L2L Tunnels can replace Static RRI Routes

If you are looking for a fix for this bug, please open a TAC case so that they can better assist you.

Sincerely,

David.

195
Views
0
Helpful
2
Replies
CreatePlease to create content