latenaite2011
Level 4

Hi Everyone,

 

Just wondering if anyone knows why I am getting an error that says "Cryptographic algorithms required by the secure gateway do not match those supported by AnyConnect.  Please contact your network administrator.".  See attached image too.

 

We just upgraded to ASA 9.12(4)2 and the AnyConnect client is running version 4.9.00086. The ASA is running on model ASA 5525-X. The ASA version and AnyConnect version work fine on other ASAs running on FP2130.

 

The debug crypto isakmp policy 127 output is shown below (I disabled all group 2 and tried a different policy, as shown for policy 1, and still get the same error).

 

IKEv2-PROTO-2: (10): Failed to find a matching policy
IKEv2-PROTO-2: (10): Expected Policies:
Proposal 1:  AES-CBC-256 MD5 MD596 DH_GROUP_2048_MODP/Group 14
Proposal 2:  AES-CBC-192 SHA1 SHA96 DH_GROUP_1536_MODP/Group 5
Proposal 3:  AES-CBC-256 AES-CBC-192 AES-CBC-128 SHA512 SHA384 SHA256 SHA1 SHA512 SHA384 SHA256 SHA96 DH_GROUP_2048_MODP/Group 14
Proposal 4:  3DES SHA1 SHA96 DH_GROUP_1536_MODP/Group 5

Proposal 5:  DES SHA1 SHA96 DH_GROUP_1536_MODP/Group 5
Proposal 6:  AES-CBC-256 SHA1 SHA256 DH_GROUP_1536_MODP/Group 5

 

The debugs seem to show what I have configured for the isakmp policy, and it was showing aes-cbc-256 and sha\group 5 before, which is what I configured. Nothing worked, so I'm not sure what it is.

 

Also, the issue only exists if the AnyConnect clients use the FQDN to connect (vpn.x.x.x.com); it works fine by IP.

 

Does anyone have any suggestions?