Cisco Support Community

New Member

Bug ID CSCti63508

Hi,

Just wondering if anyone has ever come across this bug.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti63508&from=summary

I've just installed a 2951 into a site and I need to set up multiple site-to-site VPNs. I have all the VPNs configured, with the crypto ACLs all containing object groups.

When I apply the crypto map to the interface, I lose connectivity to the outside world. I can't ping my next hop, I can't get into the router from the outside, etc. When I remove the crypto map, everything comes back to life.

I'm having trouble deciphering the "conditions" under which this bug applies, maybe someone has come across it.

While I'm here, what's the story with upgrading version 15.1 IOS versions? Can I still upgrade the minor version without violating the license, like the older IOS versions?

Thanks,

Neil

2 REPLIES
New Member

Re: Bug ID CSCti63508

OK - so is this right?

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_object_group_acl.html#wp1132617

- Object Groups are not supported with IPSec. Is that why they won't work with my crypto maps?

Needless to say - I'm not happy.......

Cisco Employee

Re: Bug ID CSCti63508

Hi Neil,

Yes, that's correct, you can't do that, it's currently unsupported.

I suggest you contact your account team with your request. Maybe it will be implemented one day by this bug:

CSCsq33560    ENH: Add support for object group ACL in ipsec crypto ACL.

It's not easy to implement because of crypto hw limitations, e.g. on VSA.

Developers are currently not working on it because they haven't seen enough interest from customers.

The bug you mentioned is only related to ACLs, not Crypto. You can ignore it.

cheers,

Xavier
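
As an added example (not part of the thread and not Cisco tooling): a Python check that reads an IOS configuration and reports every crypto map entry whose `match address` ACL contains an `object-group` ACE, the combination the reply above describes as unsupported. The sample configuration is constructed; its map, ACL and group names and its addresses are placeholders.

```python
import re

# Constructed sample config (not from the thread); names and addresses are placeholders.
SAMPLE_CONFIG = """\
object-group network LOCAL-NETS
 10.10.0.0 255.255.0.0
object-group network SITE-A-NETS
 192.168.50.0 255.255.255.0
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.10
 match address VPN-SITE-A
crypto map VPNMAP 20 ipsec-isakmp
 set peer 203.0.113.20
 match address 120
ip access-list extended VPN-SITE-A
 permit ip object-group LOCAL-NETS object-group SITE-A-NETS
access-list 120 permit ip 10.10.0.0 0.0.255.255 192.168.60.0 0.0.0.255
ip access-list extended MGMT-IN
 permit tcp object-group LOCAL-NETS any eq 22
"""

def crypto_acls_using_object_groups(config):
    """Return {(map_name, seq): [ACE lines]} for crypto ACLs that reference object groups."""
    acl_entries = {}   # ACL name or number -> list of ACE lines
    crypto_refs = []   # (map name, sequence, ACL referenced by "match address")
    section = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue
        if not line.startswith(" "):   # a top-level command starts a new section
            section = None
            if m := re.match(r"ip access-list extended (\S+)", line):
                section = ("acl", m.group(1))
                acl_entries.setdefault(m.group(1), [])
            elif m := re.match(r"crypto map (\S+) (\d+) ", line):
                section = ("map", m.group(1), int(m.group(2)))
            elif m := re.match(r"access-list (\d+) (.+)", line):
                acl_entries.setdefault(m.group(1), []).append(m.group(2))
        elif section and section[0] == "acl":
            acl_entries[section[1]].append(line.strip())
        elif section and section[0] == "map":
            if m := re.match(r"\s+match address (\S+)", line):
                crypto_refs.append((section[1], section[2], m.group(1)))
    findings = {}
    for name, seq, acl in crypto_refs:   # ACLs may be defined after the map, so resolve last
        hits = [ace for ace in acl_entries.get(acl, []) if re.search(r"\bobject-group\b", ace)]
        if hits:
            findings[(name, seq)] = hits
    return findings
```

Object groups in ACLs that no crypto map references (MGMT-IN in the sample) are not reported, since the limitation discussed here applies only to crypto ACLs.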
