On all RSP and RSM processors, when an interface in the router is configured with an IPSec crypto map and the switching mode is Cisco Express Forwarding (CEF), the RSP and RSM will restart when it attempts to decrypt IPSec packets.
This defect is tracked with CSCdp58142.
CSCdp58142 exists due to CSCdm60335 and CSCdp21248.
CSCdm60335 affected Cisco IOS 12.0T and 12.0(5)XE trains.
CSCdp21248 affected Cisco IOS 12.0, 12.0T, 12.0XE, and 12.0S trains.
The problem manifests as a system restart when IPSec and CEF switching is running on RSP and RSM processors that are running software that has not implemented the fix for the software defect CSCdp58142.
The short-term workaround for systems running affected Cisco IOS images is to turn the CEF switching option off on all interfaces that have crypto map entries applied to them.
The Cisco IOS interface configuration command to turn CEF off is presented below: