Project

General

Profile

Actions

Bug #11792

closed

Cannot disable IPsec P1 when related P2s are in VTI mode and enabled

Added by Marcos M almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
04/08/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Setup:
IPsec Phase 1 with one or more Phase 2 entries in VTI mode. No IPsec interfaces assigned.

Issue:
While both P1 and P2 are enabled, try disabling the P1. The following error is shown:

Cannot disable a Phase 1 with a child Phase 2 while the interface is assigned. Remove the interface assignment before disabling this P2.

Expected:
  1. When clicking disable on P1, the P1 along with all its P2s should be disabled to match the behavior of non-vti P2s - as long as related IPsec interfaces are assigned.
  2. The error description should say:
    Cannot disable a Phase 1 with a child Phase 2 while the interface is assigned. Remove the interface assignment before disabling this P1.
    

This is related to #10190


Related issues

Related to Bug #12198: Disabling an IPsec phase 1 entry does not disable related phase 2 entriesResolvedViktor Gurov

Actions
Actions

Also available in: Atom PDF