Cisco Support Community

The interface ACL is processed twice for IPSec traffic on the router, and the router cannot pass traffic

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsc43461.

This problem occurs on a Cisco IOS router running Cisco IOS Interim Software Release 12.4(3.9)T7 or later configured for IPSec, where the crypto interface has an input Access Control List (ACL) that does not explicitly permit traffic for the inner data packets (what is encapsulated within IPSec).

In this scenario, a Cisco IOS router configured for IPSec can drop every other packet.

Resolution

As a workaround, perform either of these steps:

  • Do not configure the IPSec, and explicitly allow inner data packets to be encapsulated by IPSec.

  • Download and upgrade to these Cisco IOS versions:

      • 12.4(5.8)T

      • 12.4(4)T01
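
The input ACL condition described under Core issue, next to an input ACL that explicitly permits the inner data packets, written as an IOS configuration fragment. This is an added example, not part of the original article; the peer addresses, protected subnets, ACL names, interface and crypto map name are constructed assumptions, and the crypto map itself is assumed to be defined elsewhere.

```cisco
! Constructed values (assumptions, not from the article):
!   local peer 192.0.2.1, remote peer 198.51.100.1
!   local protected subnet 10.1.1.0/24, remote protected subnet 10.2.2.0/24
!
! Input ACL that matches the condition in this article: it permits only the
! outer tunnel packets (IKE and ESP) and has no entry for the inner packets.
ip access-list extended OUTSIDE-IN-OUTER-ONLY
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 permit esp host 198.51.100.1 host 192.0.2.1
 deny   ip any any log
!
! Input ACL with the inner data packets explicitly permitted. Because the
! interface ACL is processed a second time for IPSec traffic, the decapsulated
! packets (remote subnet to local subnet) need their own permit entry.
ip access-list extended OUTSIDE-IN
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 permit esp host 198.51.100.1 host 192.0.2.1
 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny   ip any any log
!
! Crypto interface with the second ACL applied inbound.
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
 crypto map VPN-MAP
```

The match counters in `show ip access-lists OUTSIDE-IN` show whether decapsulated packets are hitting the inner permit entry or the final deny.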

 

 

