<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><style type="text/css" scoped="">
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Trebuchet MS'; color: #000000; -webkit-text-stroke: #000000}
p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Trebuchet MS'; color: #000000; -webkit-text-stroke: #000000; min-height: 12.0px}
p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Trebuchet MS'; color: #c45911; -webkit-text-stroke: #c45911}
p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Trebuchet MS'; color: #c45911; -webkit-text-stroke: #c45911; min-height: 12.0px}
li.li1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px 'Trebuchet MS'; color: #000000; -webkit-text-stroke: #000000}
span.s1 {text-decoration: underline ; font-kerning: none}
span.s2 {font-kerning: none}
span.s3 {font: 12.0px Helvetica; color: #000000}
span.s4 {font: 12.0px Helvetica; color: #000000; -webkit-text-stroke: 0px #c45911}
</style><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000;" data-mce-style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000;"><div><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;">Ran into this on our routers. </p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"><br data-mce-bogus="1"></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;">This fix may help if you can't upgrade. </p><p class="p2" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"></span><br></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2">ip access-list extended BLOCK_IKE</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"><span class="Apple-converted-space"> </span>deny udp any any eq isakmp</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"><span class="Apple-converted-space"> </span>deny udp any any eq 4500</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"><span class="Apple-converted-space"> </span>permit ip any any</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2">!</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2">ip access-list extended PERMIT_ANY</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"><span class="Apple-converted-space"> </span>permit ip any any</span></p><p class="p4" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"></span><br></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2">ip receive access-list BLOCK_IKE sequence 5</span></p><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2">ip receive access-list PERMIT_ANY sequence 99</span></p><p class="p3" style="margin: 0px;" 
data-mce-style="margin: 0px;"><span class="s2">ip receive access-list enable-deny-logging</span></p><p class="p2" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2"></span><br></p><ul><li class="li1"><span class="s3"></span><span class="s2">If the customer is already using receive ACLs, they might want to skip seq 99 and also the "permit ip any any" line in the BLOCK_IKE ACL</span></li><li class="li1"><span class="s3"></span><span class="s2">To verify the packets blocked:</span></li></ul><p class="p3" style="margin: 0px;" data-mce-style="margin: 0px;"><span class="s2">sh access-list receive accounting name BLOCK_IKE<span class="Apple-converted-space">   </span></span></p><div><span class="s4"></span><br></div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Clement Cavadore" &lt;clement@cavadore.net&gt;<br><b>To: </b>foundry-nsp@puck.nether.net<br><b>Sent: </b>Thursday, September 22, 2016 3:18:22 AM<br><b>Subject: </b>[f-nsp] Brocade Tech support Bulletin TSB 2016-242-A<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;">Hi all,<br><br>Be
advised that if you run MLXe with 5.8.00 > 5.8.00e, 5.9.00 ><br>5.9.00bd, or 6.0.00 > 6.0.00a, you should consider upgrading to the<br>latest release immediately.<br><br>A critical defect (DEFECT 617836) may cause unexpected MLX Line Card<br>reloads due to some IPSec packets received.<br><br>Regards,<br>-- <br>Clément Cavadore<br><br>_______________________________________________<br>foundry-nsp mailing list<br>foundry-nsp@puck.nether.net<br>http://puck.nether.net/mailman/listinfo/foundry-nsp</blockquote></div></div>
<br></div></body></html>