Ran into this on our routers.
This fix may help if you can't upgrade.
ip access-list extended BLOCK_IKE
deny udp any any eq isakmp
deny udp any any eq 4500
permit ip any any
!
ip access-list extended PERMIT_ANY
permit ip any any
ip receive access-list BLOCK_IKE sequence 5
ip receive access-list PERMIT_ANY sequence 99
ip receive access-list enable-deny-logging
* If the customer is already using receive ACLs they might want to skip seq 99 and also "permit ip any any" line in BLOCK_IKE ACLs
* To verify the packets blocked:
sh access-list receive accounting name BLOCK_IKE
> From: "Clement Cavadore" <clement@cavadore.net>
> To: foundry-nsp@puck.nether.net
> Sent: Thursday, September 22, 2016 3:18:22 AM
> Subject: [f-nsp] Brocade Tech support Bulletin TSB 2016-242-A
> Hi all,
> Be advised that if you run MLXe with 5.8.00 > 5.8.00e, 5.9.00 >
> 5.9.00bd, or 6.0.00 > 6.0.00a, you should consider upgrading to the
> latest release immediately.
> A critical defect (DEFECT 617836) may cause unexpected MLX Line Card
> reloads due to some IPSec packets received.
> Regards,
> --
> Clément Cavadore
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
> From: "Clement Cavadore" <clement@cavadore.net>
> To: foundry-nsp@puck.nether.net
> Sent: Thursday, September 22, 2016 3:18:22 AM
> Subject: [f-nsp] Brocade Tech support Bulletin TSB 2016-242-A
> Hi all,
> Be advised that if you run MLXe with 5.8.00 > 5.8.00e, 5.9.00 >
> 5.9.00bd, or 6.0.00 > 6.0.00a, you should consider upgrading to the
> latest release immediately.
> A critical defect (DEFECT 617836) may cause unexpected MLX Line Card
> reloads due to some IPSec packets received.
> Regards,
> --
> Clément Cavadore
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp