BugZero found this defect 2196 days ago.
5/15/2018
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
All
Fireware
12.x
12.0.x
12.1.x
12.1
12.1.1
12.1.3
12.10.x
12.2.x
12.3.x
12.4.x
All
If you configure an IKEv2-based branch office VPN tunnel to a Cisco or other device that sends larger than expected IKE_Auth requests, the Firebox will drop those requests and the VPN will fail. If this occurs, you see a log message that looks like this:

Apr 24 10:50:07 iked[1869]: (203.0.113.2<->198.51.100.2)drop the received IKEv2 message from 198.51.100.2:4500 - reason="ike2_CheckParsePayload_CFG: the recevied CFG payload has the invalid type or Attributes"

To avoid this issue, you must run the command "no config-exchange request" on the Cisco or other remote device to disable the config-exchange request.
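
A log check for this symptom, as an added example that is not part of the original page or any vendor tooling: it parses iked lines in the layout quoted above and counts CFG-payload drops per remote peer, so you can see which tunnels still need the remote-side change. The regex is derived only from that one quoted line (an assumption about the general format), and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the single iked line quoted on this page (assumption:
# other iked drop messages follow the same shape).
DROP_RE = re.compile(
    r'iked\[(?P<pid>\d+)\]:\s*\((?P<tunnel>[^)]+)\)\s*'
    r'drop the received IKEv2 message from (?P<src>[\d.]+):(?P<port>\d+)'
    r'\s*-\s*reason="(?P<func>\w+):\s*(?P<detail>[^"]*)"'
)

# Check name the Firebox logs when it rejects the CFG payload (from the page).
CFG_CHECK = "ike2_CheckParsePayload_CFG"

def parse_drop(line):
    """Return the fields of an iked drop line, or None if it is not one."""
    m = DROP_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["cfg_payload_drop"] = rec["func"] == CFG_CHECK
    return rec

def affected_peers(lines):
    """Count CFG-payload drops per sending peer address."""
    hits = Counter()
    for line in lines:
        rec = parse_drop(line)
        if rec and rec["cfg_payload_drop"]:
            hits[rec["src"]] += 1
    return dict(hits)

SAMPLE_LOG = [
    # Line 1 is the message quoted on the page; lines 2-4 are constructed.
    'Apr 24 10:50:07 iked[1869]: (203.0.113.2<->198.51.100.2)drop the received IKEv2 message from 198.51.100.2:4500 - reason="ike2_CheckParsePayload_CFG: the recevied CFG payload has the invalid type or Attributes"',
    'Apr 24 10:50:37 iked[1869]: (203.0.113.2<->198.51.100.2)drop the received IKEv2 message from 198.51.100.2:4500 - reason="ike2_CheckParsePayload_CFG: the recevied CFG payload has the invalid type or Attributes"',
    'Apr 24 10:52:30 iked[1869]: (203.0.113.2<->192.0.2.77)drop the received IKEv2 message from 192.0.2.77:500 - reason="constructed_other_check: constructed sample reason"',
    'Apr 24 10:53:00 iked[1869]: constructed unrelated message',
]

if __name__ == "__main__":
    for peer, count in affected_peers(SAMPLE_LOG).items():
        print(f"{peer}: {count} IKE_Auth request(s) dropped on CFG payload check")
```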