Field Notice: FN - 64138 - IP Phones Freeze, Reboot, and Disconnect from the VPN After Software Upgrade - Firmware Upgrade Required

Available Languages

Updated:July 1, 2016

Document ID:FN64138

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Date	Comment
1.0	01-JUL-2016	Initial Public Release

Products Affected

Products Affected
IPPHONE

Problem Description

The IP phone freezes, reboots, and disconnects from the VPN after an upgrade from Cisco IOS^® Software Release 15.3(3)M3 to Cisco IOS Software Release 15.3(3)M4.

Background

The problem is caused by the Cisco IOS code change, which expects a Datagram Transport Layer Security (DTLS) header from the phone. Specifically, the X-DTLS-Header-Pad-Length attribute in the CONNECT message.

The phones hit two additional bugs (see the CDETS section) and are unable to complete the process. As a result, the phones fall back to TLS which causes the indicated behavior.

The VPN client that runs in the phone firmware is not based on the AnyConnect client, but instead uses the AnyConnect protocol.

All firmware versions that support DTLS, Cisco IOS Software Releases 15.3(3)M4 and 15.4(3)M5 and later, are affected.

Problem Symptoms

The IP phone freezes, reboots, and disconnects from the VPN after an upgrade from Cisco IOS Software Release 15.3(3)M3 to Cisco IOS Software Release 15.3(3)M4.

Workaround/Solution

Workaround

Cisco IOS version 15.4(3)M4 can be used as a workaround because it does not contain the code change to expect a DTLS header from the phone.

Solution

Cisco recommends to use Cisco IOS Software Release 15.4(3) M4 per the workaround.

CDETS

To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.

CDETS	Description
CSCup56792 (registered customers only)	Supporting 4 byte DTLS header: This bug is raised to track the migration of DTLS header from 1 byte to 4 bytes to improve performance.
CSCte01414 (registered customers only)	[DTLS] CDTP Header length shall be negotiable: This is an enhancement to AnyConnect. This is not a bug.
CSCuy90621 (registered customers only)	78xx/88xx do not support X-DTLS-Header-Pad-Length:

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)