Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
1
Helpful
1
Replies

IKEv2-ERROR

PhoenixNetwork
Level 1
Level 1

‎11-17-2024 11:20 PM - edited ‎11-17-2024 11:33 PM

I am working with the Cisco Catalyst IR1101 router, which run the ir1101-universalk9.17.12.04 firmware. I have been trying to configure a site to site tunnel. 

If I start the router up with the default factory configuration and add these lines 1 by 1:

crypto ikev2 keyring MYKEYRING 
 peer SITE-A
 address 10.10.10.10
 pre-shared-key ABCABCABC

crypto ikev2 proposal SITE-A-PROP
 encryption aes-cbc-256

The IKEv2 debug log will show me this error message:
IKEv2-ERROR:
: unable to convert to cipher

If I add another line:
 integrity sha256

Then I get this IKEv2 error message:
IKEv2-ERROR:
: unable to convert to mac

When choosing encryption, I get these 7 options:

3des
aes-cbc-128
aes-cbc-192
aes-cbc-256
aes-gcm-128
aes-gcm-256
des DES

I get the IKEv2 error on the encryption part, when I choose any of the aes-cbc encryption.I will need to use aes-cbc-256.

Any help would be appreciated.

 

 

 

 

Labels:
1 Reply 1

MHM Cisco World
VIP
VIP

‎11-17-2024 11:54 PM

It hardware router limitations' you can not select aes-cbc' you need to select des or 3des.

MHM

0 Helpful
Customers Also Viewed These Support Documents