Symptom
TCP-AO may fail to establish a session and repeatedly logs error messages such as:
%TCP-6-AOMISMATCH: TCP AO MAC Mismatch for connection from
Conditions
1. Running IOS XE
2. TCP-AO is properly configured on both sides
3. TCP-AO is configured with include-tcp-options
4. The XE side sends SYN packets with trailing NOP options.
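
One way to check a captured SYN for condition 4, as an added example (not Cisco code): it parses the raw TCP options bytes and reports whether a TCP-AO option (kind 29, RFC 5925) is present together with trailing NOP padding. The function names and sample bytes are constructed for illustration; the include-tcp-options setting is configuration and is not visible in the packet.

```python
# Added example, not vendor code. Option kinds: IANA TCP parameters / RFC 5925.
EOL, NOP, TCP_AO = 0, 1, 29
NAMES = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 5: "SACK", 8: "Timestamps"}

def parse_options(raw: bytes):
    """Walk the TCP options area and return the option kinds in wire order."""
    kinds, i = [], 0
    while i < len(raw):
        kind = raw[i]
        kinds.append(kind)
        if kind == EOL:          # End of Option List: the rest is padding
            break
        if kind == NOP:          # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"kind {kind} at offset {i}: missing length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"kind {kind} at offset {i}: bad length {length}")
        i += length
    return kinds

def check_syn_options(raw: bytes):
    """Report the packet-visible conditions: TCP-AO present and trailing NOPs."""
    kinds = parse_options(raw)
    trailing = 0
    for kind in reversed(kinds):
        if kind != NOP:
            break
        trailing += 1
    return {
        "has_tcp_ao": TCP_AO in kinds,
        "trailing_nops": trailing,
        "other_options": [NAMES.get(k, f"kind-{k}") for k in kinds
                          if k not in (EOL, NOP, TCP_AO)],
        "matches": TCP_AO in kinds and trailing > 0,
    }

# Constructed sample SYN options (36 bytes): MSS, SACK-Permitted, Timestamps,
# WScale, TCP-AO (KeyID 1, RNextKeyID 1, zeroed 12-byte MAC), one trailing NOP.
SAMPLE_TRAILING = (bytes([2, 4, 0x05, 0xB4, 4, 2, 8, 10]) + bytes(8)
                   + bytes([3, 3, 7, 29, 16, 1, 1]) + bytes(12) + bytes([NOP]))
# Constructed sample without trailing padding: MSS, NOP, WScale, TCP-AO.
SAMPLE_CLEAN = bytes([2, 4, 0x05, 0xB4, NOP, 3, 3, 7, 29, 16, 1, 1]) + bytes(12)

if __name__ == "__main__":
    for name, raw in (("trailing", SAMPLE_TRAILING), ("clean", SAMPLE_CLEAN)):
        print(name, check_syn_options(raw))
```

The other_options field lists the options named in workaround 2 (SACK, timestamps and others) when they appear in the SYN.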
Workaround
1. Disable the include-tcp-options flag on both peers.
2. Avoid using SACK, timestamps, or other TCP options.
Further Problem Description
Please note: this bug is specific to the IOS-XE to IOS-XE scenario.
CSCvx80537 covers the interoperability issue with XR or 3rd-party devices.