The IPSec tunnel does not come up on the PIX Firewall 525 when configured with AES 256-bit encryption. The IPSEC(manual_key_stuffing): not enough auth keymat, 20 bytes needed for addr /prot 50/spi debug message is received.
This issue is due to the presence of Cisco bug ID CSCsb48916.
When you configure IPSec LAN-to-LAN tunnels with manual keys and specify the Advanced Encryption Standard (AES) with 256-bit encryption (esp-aes-256) in the transform set, the encapsulation fails.
To resolve this issue, perform one of these steps:
Change the IPSec keying method from IPSec to Internet Security Association and Key Management Protocol (ISAKMP).
Change the transform set to use an encryption type other than esp-aes-256 (such as esp-aes), or use ISAKMP for tunnel negotiation.
Upgrade to PIX Firewall version 6.3(5.103) or the latest available version.