"ISM-VPN background" process error

[config t]

Has anyone seen this before? I'm seeing this error flood the logs on one of my DMVPN spoke routers. EIGRP isn't flapping and the IPSEC tunnel is stable. It's not pegging out the proc either. It's just annoying at this point.

The 10.0.10.12 is a loopback used as DMVPN tunnel source.

Code Select Expand


*Jun 22 02:08:59.083: %IP-3-DESTHOST: src=10.0.10.12, dst=0.0.0.0, NULL desthost -Process= "ISM-VPN background", ipl= 0, pid= 53
-Traceback= 58FAF34z 411D2D8z 411DBECz 9CC0778z 9CC08F0z 4DD4DACz 4DBAC7Cz
*Jun 22 02:08:59.875: %IP-3-DESTHOST: src=10.0.10.12, dst=0.0.0.0, NULL desthost -Process= "ISM-VPN background", ipl= 0, pid= 53
-Traceback= 58FAF34z 411D2D8z 411DBECz 9CC0778z 9CC08F0z 4DD4DACz 4DBAC7Cz


I can't find anything useful from the Google.

[Otanx]

Did you see the bug - CSCdu06914?

It is older, but I have seen bugs come back in newer releases on occasion. Is your default route pointed to an interface? instead of a next hop IP?

-Otanx

[deanwebb]

NECROBUGS!!! AIIIEEEEE!!!!

[config t]

Did you see the bug - CSCdu06914?

It is older, but I have seen bugs come back in newer releases on occasion. Is your default route pointed to an interface? instead of a next hop IP?

-Otanx

Oh ok so this is from back in the 12.x days.

c3900-universalk9-mz.SPA.152-4.M2.bin

This router is riding a SATCOM shot using a TDMA Linkway modem. It uses RIP between the modems and then learns a default route through EIGRP once the tunnel is established. The default route points at the DMVPN hub on a backside router we use as a landing point.

Today I am going to try switching the crypto engine over from the VPN module to the onboard and see if anything blows up. It's not in production yet anyway.

Code Select Expand


RTR#show crypto engine brief
        crypto engine name:  Virtual Private Network (VPN) Module
        crypto engine type:  hardware
                     State:  Disabled
                  Location:  onboard 0
              Product Name:  Onboard-VPN
                FW Version:  1
              Time running:  63876 seconds
               Compression:  Yes
                       DES:  Yes
                     3 DES:  Yes
                   AES CBC:  Yes (128,192,256)
                  AES CNTR:  No
     Maximum buffer length:  4096
          Maximum DH index:  0000
          Maximum SA index:  0000
        Maximum Flow index:  8000
      Maximum RSA key size:  0000

        crypto engine name:  Virtual Private Network (VPN) Module
        crypto engine type:  hardware
                     State:  Enabled
                  Location:  slot 0
              Product Name:  ISM VPN Accelerator
              UBOOT Ver   : U-Boot 1.1.1 - ISRG2-Crypto-Engine - Version 2.7 (Build time: Mar  7 2011 - 09:12:23)
              Firmware Ver:   User: sripadma - View/Label: REVENTON_V6_FW_COMMIT_IOS_10162012 - Date: Oct 16 2012 - Time: 14:19:18

              HW State    : READY

               Compression:  No
                       DES:  Yes
                     3 DES:  Yes
                   AES CBC:  Yes (128,192,256)
                  AES CNTR:  No
     Maximum buffer length:  4096
          Maximum DH index:  5120
          Maximum SA index:  5120
        Maximum Flow index:  10230
      Maximum RSA key size:  2048


        crypto engine name:  Cisco VPN Software Implementation
        crypto engine type:  software
             serial number:  7250EFF8
       crypto engine state:  installed
     crypto engine in slot:  N/A