IOS VPN Hot Issues from Cisco TAC

XAUTH user remains if authenticated by different user during P1 rekey, Fixed CSCtl05684

Symptoms: Xauth user information remains in "show crypto session summary" output.
Conditions: - This symptom is observed when running EzVPN and if Xauth is performed by different username during P1 rekey. - Use NAT in the VPN path
Workaround: Use save-password feature (without interactive Xauth mode) to avoid sending the different username and password during P1 rekey.

7200 crashes with c7200-vsa, CSCtx40178

Symptom: A Cisco 7200 router with a C7200-VSA module will crash the router.
Conditions: This happens when trying to boot 15.1(4)M3.
Workaround: Without the C7200-VSA the router will boot fine.

%CONST_DIAG-SP-3-HM_TEST_FAIL:TestIPSecEncrypDecrypPkt seen randomly, Fixed CSCtg08523

Symptoms: The following message is seen at random intervals on the console and/or in the syslogs: %CONST_DIAG-SP-3-HM_TEST_FAIL:TestIPSecEncrypDecrypPkt
Conditions: This issue is seen on a Catalyst 6500 with an SPA-IPSEC-2G module running Cisco IOS version 12.2SXI.
Workaround: There is no workaround.
Further Problem Description: The root cause appears to be the SPA not replying to the diagnostic packets from the supervisor from time to time. User traffic is not affected.