Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
856
Views
0
Helpful
0
Comments

Packets to an internal HTTPS server are dropped continuously by the inspection engine in the router with Cisco IOS Software Release 12.4

TCC_2
Level 10
Level 10

‎06-22-2009 04:46 PM - edited ‎03-08-2019 06:20 PM

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsd27617.

The Advanced Encryption Standard (AES) password encryption corrupts the existing pre-shared key (PSK) on the router as described by Cisco bug ID CSCsd27617.

If a router's EzVPN Group name contains a "_"  such as group ezvpn_myclient key mytest and you add password encryption aes then IKE consistently fails with the wrong group PSK.

Resolution

In order to resolve this issue, delete and recreate the PSK (without " _ ") after you apply the AES password encryption.

Issue these commands:

          Router(config)#key config-key password-encryption [master key]
     Router(config)#password encryption aes

Note: Delete and re-create the PSK in the group configuration.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents