About mustafa.chapal

mustafa.chapal · 04-03-2023

Hi,I have a Cisco ASR 1001-X with adventerprise running Cisco IOS XE Software Version 16.06.06.Following are the router configs.The netflow output for interfaces BDI3194 and interface BDI1208 show no entries and I have confirmed traffic and packets a...

mustafa.chapal · 12-17-2022

Hi,I have two Cisco ISR 897VA routers with advanced IP services IOS on each site. Both the routers have one WAN/Outside interface with only one IP address assigned. Both routers are connected through IKEv2 Site to Site VPN tunnel and one of these rou...

mustafa.chapal · 11-17-2022

Hi, I have a Cisco ASR 1001-X with full-feed BGP from multiple upstreams and a /24 IP pool is advertised to them. When a peer 1.2.3.61 advertises a /32 route over BGP example 1.2.3.15/32 with community as 65001:666, the route-map is unable to replace...

mustafa.chapal · 11-17-2022

Hi, I have a Cisco ASR 1001-X with full-feed BGP from multiple upstreams and a /24 IP pool is advertised to them. When this peer 1.2.3.61 advertises a /32 route from the same /24 IP pool example 1.2.3.15/32 with community tagged as 65001:666, the ann...

mustafa.chapal · 07-12-2022

Hi,I have a Cisco ASR 1001-X router running on IOS-XE version 3.16.02.S with Advanced Enterprise license. The platform has multiple BGP connections with hundreds of VLAN interfaces. I would like to restrict SSH and SNMP access on all the interfaces e...

mustafa.chapal · 01-17-2023

Changed the group on both proposals to unique group like 19 and 20 resolved the issue of conflict and mismatch. crypto ikev2 proposal FlexVPN encryption aes-cbc-128 aes-cbc-256 aes-cbc-192 integrity sha256 group 19 crypto ikev2 proposal ikev2prop...

mustafa.chapal · 12-24-2022

@tvotna apologies for the confusion. I basically did vice versa, removed ikev2policy so following is the current configcrypto ikev2 policy FlexVPNproposal FlexVPNproposal ikev2proposal

mustafa.chapal · 12-21-2022

Changed the group to 14 and still not connecting. Following is the debug790304: Dec 21 17:25:51.499 Chicago: IKEv2:Received Packet [From 119.160.2.5:34148/To 96.65.7.4:500/VRF i0:f0] Initiator SPI : E765AFE7BFDA9793 - Responder SPI : 000000000000000...

mustafa.chapal · 12-19-2022

The priority is already like the one you mentioned in which FlexVPN is listed first. I am not sure if the bug affects our router IOS that is 15.7(3)M4a.I can not change the L2L algorithm to CBC but I can change anyconnect to GCM. Does anyconnect supp...

mustafa.chapal · 12-19-2022

Since the beginning either one works depending on which ikev2 policy i configure. When L2L tunnel is up, anyconnect flexvpn gives an errorafter entering credentials that the connection was terminated due to an authentication failure or timeout and th...

Member Since	‎11-24-2016 01:29 PM
Date Last Visited	‎04-11-2023 11:57 AM
Posts	57
Total Helpful Votes Received	25

User Statistics

User Activity

Netflow Bridge Domain Interface BDI Output

IKEv2 Policy Mismatch when both Remote Access and Site to Site VPN

Route Map not setting BGP Community

Dynamic Route /32 Redistribution over BGP

ASR 1001-X Restrict Port Access

Re: IKEv2 Policy Mismatch when both Remote Access and Site to Site VPN

Re: IKEv2 Policy Mismatch when both Remote Access and Site to Site VPN

Re: IKEv2 Policy Mismatch when both Remote Access and Site to Site VPN

Re: IKEv2 Policy Mismatch when both Remote Access and Site to Site VPN

Re: IKEv2 Policy Mismatch when both Remote Access and Site to Site VPN