Hub crashed while removing Stale Cache entry, Fixed CSCua45206

Symptoms: The hub router crashes while removing the Stale Cache entry.
Conditions: This symptom occurs when two spokes are translated to the same NAT address.
Workaround: Spokes behind the same NAT box must be translated to different post-NAT Addresses.

IOS IPSec Tunnel CERM Count leak, Fixed CSCua21166

Symptoms: Unable to form IPSec tunnels due to error: ''RM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.''
Conditions: Even though the router does not have 225 IPsec SA pairs, error will prevent IPSec from forming. Existing IPSec SAs will not be affected.
Workaround: Reboot to clear out the leaked counter, or install hsec9 which will disable CERM (Crypto Export Restrictions Manager). PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.8/2.3: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:M/C:N/I:N/A:P/E:U/RL:W/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

IOS VPN Hot Issues from Cisco TAC

Hub crashed while removing Stale Cache entry, Fixed CSCua45206

IOS IPSec Tunnel CERM Count leak, Fixed CSCua21166