05-18-2021 11:36 AM - edited 05-18-2021 11:46 AM
Hi,
Once I confirm the certificate (self-signed) and enter my credentials, I get the following authentication error:
I am using local AAA and credentials are correct.
Any input would be much appreciated.
Is this possibly a certificate error?
The router is a CA at the moment.
I included debug crypto ikev2, AAA authentication and authorization.
Many thanks in advance!
Current configuration : 6532 bytes
!
! Last configuration change at 16:38:32 UTC Tue May 18 2021
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.157-3.M3.bin
boot-end-marker
!
aaa new-model
!
aaa authentication login AAA_AUTHENTICATION_LOGIN local
aaa authorization network AAA_AUTHORIZATION_NETWORK local
!
aaa session-id common
!
ip domain name NWL.LAB
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki server R1-CA
 no database archive
 issuer-name cn="R1-CA"
 grant auto
!
crypto pki trustpoint R1-CA
 revocation-check crl
 rsakeypair R1-CA
!
crypto pki trustpoint R1-CLIENT
 enrollment url http://192.168.1.1:80
 subject-name cn=R1-CLIENT.LAB.NWL
 revocation-check crl
!
crypto pki certificate chain R1-CA
 certificate ca 01
  quit
crypto pki certificate chain R1-CLIENT
 certificate 02
  quit
 certificate ca 01
  quit
license udi pid CISCO2921/K9 sn FCZ181960B7
!
username test password 0 cisco123
username tame password 0 tame2011
!
redundancy
!
crypto ikev2 authorization policy IKEV2_AUTHORIZATION_POLICY
 pool VPN_POOL
 dns 1.1.1.1
 def-domain NWL.LAB
 route set remote ipv4 1.1.1.1 255.255.255.255
!
crypto ikev2 proposal IKEV2_PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 15
!
crypto ikev2 profile IKEV2_PROFILE
 match identity remote key-id *$AnyConnectClient$*
 authentication local rsa-sig
 authentication remote anyconnect-eap aggregate
 pki trustpoint R1-CLIENT
 aaa authentication anyconnect-eap AAA_AUTHENTICATION_LOGIN
 aaa authorization group anyconnect-eap list AAA_AUTHORIZATION_NETWORK
 virtual-template 1
!
crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile IKEV2_PROFILE
 set transform-set TRANSFORM_SET
 set ikev2-profile IKEV2_PROFILE
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip mtu 1400
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IKEV2_PROFILE
!
ip local pool VPN_POOL 192.168.10.5 192.168.10.10
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
control-plane
!
vstack
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 transport input all
!
scheduler allocate 20000 1000
!
end
May 18 19:23:02.483: IKEv2:Received Packet [From 192.168.1.101:53924/To 192.168.1.1:500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Payload contents: SA KE N VID VID VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) VID CFG NOTIFY(REDIRECT_SUPPORTED)
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Verify SA init message
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Insert SA
May 18 19:23:02.483: IKEv2:Searching Policy with fvrf 0, local address 192.168.1.1
May 18 19:23:02.483: IKEv2:Using the Default Policy for Proposal
May 18 19:23:02.483: IKEv2:Found Policy 'default'
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Processing IKE_SA_INIT message
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Received valid config mode data
May 18 19:23:02.483: IKEv2:Config data recieved:
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Config-type: Config-request
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Attrib type: unknown, length: 2, data: 0x2 0x40
May 18 19:23:02.483: IKEv2:IKEv2 responder - ignoring config data received in IKE_SA_INIT exch
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):Set received config mode data
May 18 19:23:02.483: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
May 18 19:23:02.483: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'R1-CLIENT' 'R1-CA'
May 18 19:23:02.483: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
May 18 19:23:02.483: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED
May 18 19:23:02.483: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session
May 18 19:23:02.483: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED
May 18 19:23:02.483: IKEv2:(SESSION ID = 28,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2
May 18 19:23:02.503: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
May 18 19:23:02.503: IKEv2:(SESSION ID = 28,SA ID = 1):Request queued for computation of DH key
May 18 19:23:02.503: IKEv2:(SESSION ID = 28,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2
May 18 19:23:02.523: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
May 18 19:23:02.523: IKEv2:(SESSION ID = 28,SA ID = 1):Request queued for computation of DH secret
May 18 19:23:02.523: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
May 18 19:23:02.523: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
May 18 19:23:02.523: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
May 18 19:23:02.523: IKEv2:(SESSION ID = 28,SA ID = 1):Generating IKE_SA_INIT message
May 18 19:23:02.523: IKEv2:(SESSION ID = 28,SA ID = 1):IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA512 SHA512 DH_GROUP_1024_MODP/Group 2
May 18 19:23:02.523: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
May 18 19:23:02.523: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'R1-CLIENT' 'R1-CA'
May 18 19:23:02.523: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
May 18 19:23:02.523: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED
May 18 19:23:02.523: IKEv2:(SESSION ID = 28,SA ID = 1):Sending Packet [To 192.168.1.101:53924/From 192.168.1.1:500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID VID VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED)
May 18 19:23:02.523: IKEv2:(SESSION ID = 28,SA ID = 1):Completed SA init exchange
May 18 19:23:02.523: IKEv2:(SESSION ID = 28,SA ID = 1):Starting timer (30 sec) to wait for auth message
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Received Packet [From 192.168.1.101:61436/To 192.168.1.1:500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: VID IDi CERTREQ CFG SA NOTIFY(IPCOMP_SUPPORTED) TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS)
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Stopping timer to wait for auth message
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Checking NAT discovery
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):NAT OUTSIDE found
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):NAT detected float to init port 61436, resp port 4500
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Searching policy based on peer's identity '*$AnyConnectClient$*' of type 'key ID'
May 18 19:23:02.555: IKEv2:found matching IKEv2 profile 'IKEV2_PROFILE'
May 18 19:23:02.555: IKEv2:Searching Policy with fvrf 0, local address 192.168.1.1
May 18 19:23:02.555: IKEv2:Using the Default Policy for Proposal
May 18 19:23:02.555: IKEv2:Found Policy 'default'
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):not a VPN-SIP session
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Verify peer's policy
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Peer's policy verified
May 18 19:23:02.555: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es)
May 18 19:23:02.555: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): NONE
May 18 19:23:02.555: IKEv2:% Received cert hash is invalid, using configured trustpoints from profile for signing
May 18 19:23:02.555: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint R1-CLIENT
May 18 19:23:02.559: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED
May 18 19:23:02.559: IKEv2:(SESSION ID = 28,SA ID = 1):Check for EAP exchange
May 18 19:23:02.559: IKEv2:(SESSION ID = 28,SA ID = 1):Check for EAP exchange
May 18 19:23:02.559: IKEv2:(SESSION ID = 28,SA ID = 1):Generate my authentication data
May 18 19:23:02.559: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
May 18 19:23:02.559: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
May 18 19:23:02.559: IKEv2:(SESSION ID = 28,SA ID = 1):Get my authentication method
May 18 19:23:02.559: IKEv2:(SESSION ID = 28,SA ID = 1):My authentication method is 'RSA'
May 18 19:23:02.559: IKEv2:(SESSION ID = 28,SA ID = 1):Sign authentication data
May 18 19:23:02.559: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key
May 18 19:23:02.559: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED
May 18 19:23:02.559: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign authentication data
May 18 19:23:02.595: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED
May 18 19:23:02.595: IKEv2:(SESSION ID = 28,SA ID = 1):Authentication material has been sucessfully signed
May 18 19:23:02.595: IKEv2:(SESSION ID = 28,SA ID = 1):Generating AnyConnect EAP request
May 18 19:23:02.595: IKEv2:(SESSION ID = 28,SA ID = 1):Sending AnyConnect EAP 'hello' request
May 18 19:23:02.595: IKEv2:(SESSION ID = 28,SA ID = 1):Constructing IDr payload: '192.168.1.1' of type 'IPv4 address'
May 18 19:23:02.595: IKEv2:(SESSION ID = 28,SA ID = 1):Building packet for encryption. Payload contents: VID IDr CERT CERT AUTH EAP
May 18 19:23:02.599: IKEv2:(SESSION ID = 28,SA ID = 1):Sending Packet [To 192.168.1.101:61436/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:23:02.599: IKEv2:(SESSION ID = 28,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:23:05.215: IKEv2:(SESSION ID = 28,SA ID = 1):Received Packet [From 192.168.1.101:61436/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 2 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: EAP
May 18 19:23:05.215: IKEv2:(SESSION ID = 28,SA ID = 1):Stopping timer to wait for auth message
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Processing AnyConnect EAP response
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Checking for Dual Auth
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Generating AnyConnect EAP AUTH request
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Sending AnyConnect EAP 'auth-request'
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Building packet for encryption. Payload contents: EAP
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Sending Packet [To 192.168.1.101:61436/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 2 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:23:05.219: IKEv2:(SESSION ID = 28,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:23:11.651: IKEv2:(SESSION ID = 28,SA ID = 1):Received Packet [From 192.168.1.101:61436/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 3 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: EAP
May 18 19:23:11.655: IKEv2:(SESSION ID = 28,SA ID = 1):Stopping timer to wait for auth message
May 18 19:23:11.655: IKEv2:(SESSION ID = 28,SA ID = 1):Processing AnyConnect EAP response
May 18 19:23:11.655: AAA/BIND(00000037): Bind i/f
May 18 19:23:11.655: IKEv2:Using authentication method list AAA_AUTHENTICATION_LOGIN
May 18 19:23:11.655: AAA/AUTHEN/LOGIN (00000037): Pick method list 'AAA_AUTHENTICATION_LOGIN'
May 18 19:23:11.655: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authentication request sent
May 18 19:23:11.655: IKEv2-ERROR:AnyConnect EAP - failed to get author list
May 18 19:23:11.655: IKEv2:Received response from aaa for AnyConnect EAP
May 18 19:23:11.655: IKEv2:(SESSION ID = 28,SA ID = 1):Generating AnyConnect EAP VERIFY request
May 18 19:23:11.659: IKEv2:(SESSION ID = 28,SA ID = 1):Sending AnyConnect EAP 'VERIFY' request
May 18 19:23:11.659: IKEv2:(SESSION ID = 28,SA ID = 1):Building packet for encryption. Payload contents: EAP
May 18 19:23:11.659: IKEv2:(SESSION ID = 28,SA ID = 1):Sending Packet [To 192.168.1.101:61436/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 3 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:23:11.659: IKEv2:(SESSION ID = 28,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Received Packet [From 192.168.1.101:61436/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 4 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: EAP
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Stopping timer to wait for auth message
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Processing AnyConnect EAP ack response
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Generating AnyConnect EAP success request
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Sending AnyConnect EAP success status message
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Building packet for encryption. Payload contents: EAP
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Sending Packet [To 192.168.1.101:61436/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 4 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Received Packet [From 192.168.1.101:61436/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 5 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: AUTH
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Stopping timer to wait for auth message
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Send AUTH, to verify peer after EAP exchange
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Verify peer's authentication data
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Use preshared key for id *$AnyConnectClient$*, key len 64
May 18 19:23:11.667: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
May 18 19:23:11.667: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Verification of peer's authenctication data PASSED
May 18 19:23:11.667: IKEv2:(SESSION ID = 28,SA ID = 1):Processing INITIAL_CONTACT
May 18 19:23:11.667: IKEv2:Using mlist AAA_AUTHORIZATION_NETWORK and username tame for group author request
May 18 19:23:11.667: AAA/BIND(00000038): Bind i/f
May 18 19:23:11.667: AAA/AUTHOR (0x38): Pick method list 'AAA_AUTHORIZATION_NETWORK'
May 18 19:23:11.667: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authorisation request sent - FAIL
May 18 19:23:11.667: IKEv2:(SA ID = 1):[AAA -> IKEv2] Received AAA authorisation response
May 18 19:23:11.671: IKEv2-ERROR:AAA authorization request failed
May 18 19:23:11.671: IKEv2-ERROR:(SESSION ID = 0,SA ID = 1):AAA group authorization failed
May 18 19:23:11.671: IKEv2-ERROR:(SESSION ID = 0,SA ID = 1):
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Verification of peer's authentication data FAILED
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Sending authentication failure notify
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Building packet for encryption. Payload contents: NOTIFY(AUTHENTICATION_FAILED)
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Sending Packet [To 192.168.1.101:61436/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : 56990E50ADB8675E - Responder SPI : F0CBD35705DD4B3D Message id: 5 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Auth exchange failed
May 18 19:23:11.671: IKEv2-ERROR:(SESSION ID = 28,SA ID = 1):: Auth exchange failed
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Abort exchange
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Deleting SA
May 18 19:23:11.671: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
May 18 19:23:11.671: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED
May 18 19:28:14.359: IKEv2:Received Packet [From 192.168.1.101:55475/To 192.168.1.1:500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 0000000000000000 Message id: 0 IKEv2 IKE_SA_INIT Exchange REQUEST Payload contents: SA KE N VID VID VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) VID CFG NOTIFY(REDIRECT_SUPPORTED)
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Verify SA init message
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Insert SA
May 18 19:28:14.363: IKEv2:Searching Policy with fvrf 0, local address 192.168.1.1
May 18 19:28:14.363: IKEv2:Using the Default Policy for Proposal
May 18 19:28:14.363: IKEv2:Found Policy 'default'
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Processing IKE_SA_INIT message
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Received valid config mode data
May 18 19:28:14.363: IKEv2:Config data recieved:
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Config-type: Config-request
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Attrib type: unknown, length: 2, data: 0x2 0x40
May 18 19:28:14.363: IKEv2:IKEv2 responder - ignoring config data received in IKE_SA_INIT exch
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):Set received config mode data
May 18 19:28:14.363: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
May 18 19:28:14.363: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'R1-CLIENT' 'R1-CA'
May 18 19:28:14.363: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
May 18 19:28:14.363: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED
May 18 19:28:14.363: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Start PKI Session
May 18 19:28:14.363: IKEv2:(SA ID = 1):[PKI -> IKEv2] Starting of PKI Session PASSED
May 18 19:28:14.363: IKEv2:(SESSION ID = 29,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2
May 18 19:28:14.383: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
May 18 19:28:14.383: IKEv2:(SESSION ID = 29,SA ID = 1):Request queued for computation of DH key
May 18 19:28:14.383: IKEv2:(SESSION ID = 29,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2
May 18 19:28:14.403: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
May 18 19:28:14.403: IKEv2:(SESSION ID = 29,SA ID = 1):Request queued for computation of DH secret
May 18 19:28:14.403: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
May 18 19:28:14.403: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
May 18 19:28:14.403: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
May 18 19:28:14.403: IKEv2:(SESSION ID = 29,SA ID = 1):Generating IKE_SA_INIT message
May 18 19:28:14.403: IKEv2:(SESSION ID = 29,SA ID = 1):IKE Proposal: 2, SPI size: 0 (initial negotiation), Num. transforms: 4 AES-CBC SHA512 SHA512 DH_GROUP_1024_MODP/Group 2
May 18 19:28:14.403: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieve configured trustpoint(s)
May 18 19:28:14.403: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): 'R1-CLIENT' 'R1-CA'
May 18 19:28:14.403: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Get Public Key Hashes of trustpoints
May 18 19:28:14.403: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of Public Key Hashes of trustpoints PASSED
May 18 19:28:14.403: IKEv2:(SESSION ID = 29,SA ID = 1):Sending Packet [To 192.168.1.101:55475/From 192.168.1.1:500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 0 IKEv2 IKE_SA_INIT Exchange RESPONSE Payload contents: SA KE N VID VID VID VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED)
May 18 19:28:14.403: IKEv2:(SESSION ID = 29,SA ID = 1):Completed SA init exchange
May 18 19:28:14.403: IKEv2:(SESSION ID = 29,SA ID = 1):Starting timer (30 sec) to wait for auth message
May 18 19:28:14.435: IKEv2:(SESSION ID = 29,SA ID = 1):Received Packet [From 192.168.1.101:55476/To 192.168.1.1:500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 1 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: VID IDi CERTREQ CFG SA NOTIFY(IPCOMP_SUPPORTED) TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS)
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Stopping timer to wait for auth message
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Checking NAT discovery
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):NAT OUTSIDE found
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):NAT detected float to init port 55476, resp port 4500
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Searching policy based on peer's identity '*$AnyConnectClient$*' of type 'key ID'
May 18 19:28:14.439: IKEv2:found matching IKEv2 profile 'IKEV2_PROFILE'
May 18 19:28:14.439: IKEv2:Searching Policy with fvrf 0, local address 192.168.1.1
May 18 19:28:14.439: IKEv2:Using the Default Policy for Proposal
May 18 19:28:14.439: IKEv2:Found Policy 'default'
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):not a VPN-SIP session
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Verify peer's policy
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Peer's policy verified
May 18 19:28:14.439: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Retrieving trustpoint(s) from received certificate hash(es)
May 18 19:28:14.439: IKEv2:(SA ID = 1):[PKI -> IKEv2] Retrieved trustpoint(s): NONE
May 18 19:28:14.439: IKEv2:% Received cert hash is invalid, using configured trustpoints from profile for signing
May 18 19:28:14.439: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting cert chain for the trustpoint R1-CLIENT
May 18 19:28:14.439: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Check for EAP exchange
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Check for EAP exchange
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Generate my authentication data
May 18 19:28:14.439: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
May 18 19:28:14.439: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Get my authentication method
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):My authentication method is 'RSA'
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Sign authentication data
May 18 19:28:14.439: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Getting private key
May 18 19:28:14.439: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of private key PASSED
May 18 19:28:14.439: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Sign authentication data
May 18 19:28:14.479: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Signing of authenticaiton data PASSED
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Authentication material has been sucessfully signed
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Generating AnyConnect EAP request
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Sending AnyConnect EAP 'hello' request
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Constructing IDr payload: '192.168.1.1' of type 'IPv4 address'
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Building packet for encryption. Payload contents: VID IDr CERT CERT AUTH EAP
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Sending Packet [To 192.168.1.101:55476/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 1 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:28:14.479: IKEv2:(SESSION ID = 29,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:28:39.419: IKEv2:(SESSION ID = 29,SA ID = 1):Received Packet [From 192.168.1.101:55476/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 2 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: EAP
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Stopping timer to wait for auth message
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Processing AnyConnect EAP response
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Checking for Dual Auth
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Generating AnyConnect EAP AUTH request
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Sending AnyConnect EAP 'auth-request'
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Building packet for encryption. Payload contents: EAP
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Sending Packet [To 192.168.1.101:55476/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 2 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:28:39.423: IKEv2:(SESSION ID = 29,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:28:55.315: IKEv2:(SESSION ID = 29,SA ID = 1):Received Packet [From 192.168.1.101:55476/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 3 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: EAP
May 18 19:28:55.315: IKEv2:(SESSION ID = 29,SA ID = 1):Stopping timer to wait for auth message
May 18 19:28:55.315: IKEv2:(SESSION ID = 29,SA ID = 1):Processing AnyConnect EAP response
May 18 19:28:55.315: AAA/BIND(00000039): Bind i/f
May 18 19:28:55.315: IKEv2:Using authentication method list AAA_AUTHENTICATION_LOGIN
May 18 19:28:55.315: AAA/AUTHEN/LOGIN (00000039): Pick method list 'AAA_AUTHENTICATION_LOGIN'
May 18 19:28:55.315: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authentication request sent
May 18 19:28:55.319: IKEv2-ERROR:AnyConnect EAP - failed to get author list
May 18 19:28:55.319: IKEv2:Received response from aaa for AnyConnect EAP
May 18 19:28:55.319: IKEv2:(SESSION ID = 29,SA ID = 1):Generating AnyConnect EAP VERIFY request
May 18 19:28:55.319: IKEv2:(SESSION ID = 29,SA ID = 1):Sending AnyConnect EAP 'VERIFY' request
May 18 19:28:55.319: IKEv2:(SESSION ID = 29,SA ID = 1):Building packet for encryption. Payload contents: EAP
May 18 19:28:55.319: IKEv2:(SESSION ID = 29,SA ID = 1):Sending Packet [To 192.168.1.101:55476/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 3 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:28:55.319: IKEv2:(SESSION ID = 29,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:28:55.347: IKEv2:(SESSION ID = 29,SA ID = 1):Received Packet [From 192.168.1.101:55476/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 4 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: EAP
May 18 19:28:55.347: IKEv2:(SESSION ID = 29,SA ID = 1):Stopping timer to wait for auth message
May 18 19:28:55.347: IKEv2:(SESSION ID = 29,SA ID = 1):Processing AnyConnect EAP ack response
May 18 19:28:55.347: IKEv2:(SESSION ID = 29,SA ID = 1):Generating AnyConnect EAP success request
May 18 19:28:55.347: IKEv2:(SESSION ID = 29,SA ID = 1):Sending AnyConnect EAP success status message
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Building packet for encryption. Payload contents: EAP
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Sending Packet [To 192.168.1.101:55476/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 4 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Starting timer (90 sec) to wait for auth message
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Received Packet [From 192.168.1.101:55476/To 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 5 IKEv2 IKE_AUTH Exchange REQUEST Payload contents: AUTH
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Stopping timer to wait for auth message
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Send AUTH, to verify peer after EAP exchange
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Verify peer's authentication data
May 18 19:28:55.351: IKEv2:(SESSION ID = 29,SA ID = 1):Use preshared key for id *$AnyConnectClient$*, key len 64
May 18 19:28:55.351: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
May 18 19:28:55.351: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Verification of peer's authenctication data PASSED
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Processing INITIAL_CONTACT
May 18 19:28:55.355: IKEv2:Using mlist AAA_AUTHORIZATION_NETWORK and username test for group author request
May 18 19:28:55.355: AAA/BIND(0000003A): Bind i/f
May 18 19:28:55.355: AAA/AUTHOR (0x3A): Pick method list 'AAA_AUTHORIZATION_NETWORK'
May 18 19:28:55.355: IKEv2:(SA ID = 1):[IKEv2 -> AAA] Authorisation request sent - FAIL
May 18 19:28:55.355: IKEv2:(SA ID = 1):[AAA -> IKEv2] Received AAA authorisation response
May 18 19:28:55.355: IKEv2-ERROR:AAA authorization request failed
May 18 19:28:55.355: IKEv2-ERROR:(SESSION ID = 0,SA ID = 1):AAA group authorization failed
May 18 19:28:55.355: IKEv2-ERROR:(SESSION ID = 0,SA ID = 1):
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Verification of peer's authentication data FAILED
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Sending authentication failure notify
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Building packet for encryption. Payload contents: NOTIFY(AUTHENTICATION_FAILED)
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Sending Packet [To 192.168.1.101:55476/From 192.168.1.1:4500/VRF i0:f0] Initiator SPI : D09BA6128C571BA9 - Responder SPI : 65C48A6041771B07 Message id: 5 IKEv2 IKE_AUTH Exchange RESPONSE Payload contents: ENCR
May 18 19:28:55.355: IKEv2:(SESSION ID = 29,SA ID = 1):Auth exchange failed
May 18 19:28:55.355: IKEv2-ERROR:(SESSION ID = 29,SA ID = 1):: Auth exchange failed
May 18 19:28:55.359: IKEv2:(SESSION ID = 29,SA ID = 1):Abort exchange
May 18 19:28:55.359: IKEv2:(SESSION ID = 29,SA ID = 1):Deleting SA
May 18 19:28:55.359: IKEv2:(SA ID = 1):[IKEv2 -> PKI] Close PKI Session
May 18 19:28:55.359: IKEv2:(SA ID = 1):[PKI -> IKEv2] Closing of PKI Session PASSED
R1#
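The debug above interleaves PKI, EAP and AAA steps, so the AUTHENTICATION_FAILED notify at the end says little on its own about which subsystem rejected the peer. As an added example that is not part of the original post, the Python below parses this IOS debug format, groups entries by IKEv2 SESSION ID and names the phase in which each session failed; the regular expressions and phase labels are my own reading of the output shown here, not a documented Cisco format, and the sample entries are excerpted from the post's own debug.

```python
import re
from dataclasses import dataclass, field

# One IOS debug entry: timestamp, emitting subsystem, optional parenthesised context
# ("SESSION ID = 28,SA ID = 1" or an AAA request id) and the message. The pattern is
# my reading of the output in the post, not a Cisco-documented format.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"(?P<src>IKEv2-ERROR|IKEv2|AAA/[A-Z/]+)\s*:?\s*"
    r"(?:\((?P<ctx>[^)]*)\))?\s*:?\s*(?P<msg>.*)$"
)
SESSION_RE = re.compile(r"SESSION ID = (\d+)")
PROFILE_RE = re.compile(r"found matching IKEv2 profile '([^']+)'")
AUTHEN_LIST_RE = re.compile(r"Using authentication method list (\S+)")
AUTHOR_RE = re.compile(r"Using mlist (\S+) and username (\S+) for group author")


@dataclass
class Session:
    session_id: int
    profile: str = ""
    authen_list: str = ""
    author_list: str = ""
    author_user: str = ""
    eap_success: bool = False
    author_failed: bool = False
    cert_failed: bool = False
    errors: list = field(default_factory=list)

    def failing_phase(self):
        """Which subsystem's failure explains the AUTHENTICATION_FAILED notify."""
        if self.cert_failed:
            return "pki"
        if self.author_failed:
            return "group-authorization"
        if self.authen_list and not self.eap_success:
            return "eap-user-authentication"
        return "none"


def parse_sessions(text):
    """Return {session_id: Session} for every IKEv2 session in the capture."""
    sessions, current = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompt, blank line or other non-debug text
        src, ctx, msg = m.group("src"), m.group("ctx") or "", m.group("msg")
        sid = SESSION_RE.search(ctx)
        # SESSION ID = 0 is a placeholder IOS prints on some error lines; untagged
        # entries belong to the session in progress, the stream being chronological.
        if sid and int(sid.group(1)) != 0:
            current = sessions.setdefault(int(sid.group(1)), Session(int(sid.group(1))))
        if current is None:
            continue
        if src == "IKEv2-ERROR" and msg:
            current.errors.append(msg)
        if hit := PROFILE_RE.search(msg):
            current.profile = hit.group(1)
        elif hit := AUTHEN_LIST_RE.search(msg):
            current.authen_list = hit.group(1)
        elif hit := AUTHOR_RE.search(msg):
            current.author_list, current.author_user = hit.group(1), hit.group(2)
        elif "AnyConnect EAP success" in msg:
            current.eap_success = True
        elif "AAA group authorization failed" in msg:
            current.author_failed = True
        elif "FAILED" in msg and ("cert" in msg.lower() or "trustpoint" in msg.lower()):
            current.cert_failed = True
    return sessions


def report(session):
    phase = session.failing_phase()
    if phase == "group-authorization":
        return (f"session {session.session_id}: user '{session.author_user}' passed AnyConnect-EAP "
                f"(list {session.authen_list}, profile {session.profile}) but group "
                f"authorization via list {session.author_list} failed")
    return f"session {session.session_id}: failure in {phase}: " + "; ".join(session.errors)


# Entries excerpted from the debug output in the post above, one per line.
SAMPLE_DEBUG = """\
May 18 19:23:02.555: IKEv2:(SESSION ID = 28,SA ID = 1):Searching policy based on peer's identity '*$AnyConnectClient$*' of type 'key ID'
May 18 19:23:02.555: IKEv2:found matching IKEv2 profile 'IKEV2_PROFILE'
May 18 19:23:02.559: IKEv2:(SA ID = 1):[PKI -> IKEv2] Getting of cert chain for the trustpoint PASSED
May 18 19:23:11.655: IKEv2:Using authentication method list AAA_AUTHENTICATION_LOGIN
May 18 19:23:11.655: IKEv2-ERROR:AnyConnect EAP - failed to get author list
May 18 19:23:11.663: IKEv2:(SESSION ID = 28,SA ID = 1):Sending AnyConnect EAP success status message
May 18 19:23:11.667: IKEv2:Using mlist AAA_AUTHORIZATION_NETWORK and username tame for group author request
May 18 19:23:11.671: IKEv2-ERROR:(SESSION ID = 0,SA ID = 1):AAA group authorization failed
May 18 19:23:11.671: IKEv2:(SESSION ID = 28,SA ID = 1):Verification of peer's authentication data FAILED
May 18 19:28:14.439: IKEv2:(SESSION ID = 29,SA ID = 1):Searching policy based on peer's identity '*$AnyConnectClient$*' of type 'key ID'
May 18 19:28:14.439: IKEv2:found matching IKEv2 profile 'IKEV2_PROFILE'
May 18 19:28:55.315: IKEv2:Using authentication method list AAA_AUTHENTICATION_LOGIN
May 18 19:28:55.347: IKEv2:(SESSION ID = 29,SA ID = 1):Sending AnyConnect EAP success status message
May 18 19:28:55.355: IKEv2:Using mlist AAA_AUTHORIZATION_NETWORK and username test for group author request
May 18 19:28:55.355: IKEv2-ERROR:(SESSION ID = 0,SA ID = 1):AAA group authorization failed
"""

if __name__ == "__main__":
    for _, sess in sorted(parse_sessions(SAMPLE_DEBUG).items()):
        print(report(sess))
```

Run it over the full debug once the output is split one entry per line; on the post's own entries both sessions (users tame and test) end in the same phase, which is what separates an authorization-list problem from a credential or certificate one.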