Has anyone here successfully gotten Site-2-Site VPN between a Cisco IOS router and PaloAlto working with IKEv2? I am at a loss here. Cisco TAC support is not very helpful. The TAC guy who helped me is not very good with VPN. After going back and forth...
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce?emailclick=CNSemail It stated: A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA)...
I have a two-node deployment, Primary Admin/MNT/PSN and Secondary Admin/MNT/PSN, running ISE version 2.6 patch 2. This morning when I attempted to patch them with patch 3, I saw this message in the console: Application patch installation failed; Server=I...
I have a problem with site-2-site IKEv2 VPN between Cisco IOS c2900-universalk9-mz.SPA.151-4.M10.bin and PaloAlto VPN version 8.1.11. I even tried to upgrade to IOS version c2900-universalk9-mz.SPA.157-3.M5.bin without much luck. The case is being look...
I am running ISE version 2.6 with patch 2 and every day I am getting this message: Alarm Name : Active Directory diagnostic tool found issues Details : AcsSyslogContentAaaDiagnostics:: ACTIVE_DIRECTORY_DIAGNOSTIC_TOOL_ISSUES_FOUND need to complete Des...
@Aref Alsouqi wrote: I unfortunately don't lol. This is interesting, I tried it on my lab and I got the local option:
VPN-ROUTER(config)#crypto ikev2 profile PaloAlto
VPN-ROUTER(config-ikev2-profile)#keyring ?
aaa AAA based keyring
local Local ...
@Aref Alsouqi: Are you working for Cisco, LOL? There is NO such command "keyring local PaloAlto" you mentioned? The Cisco TAC engineer kept fighting with me on this until I showed him that there is NO "local". I don't even have AAA enabled on the ...
What you have does NOT apply in my situation because I have ONLY 1 VPN termination on that Cisco router with the PaloAlto VPN and nothing else. DMVPN is a Cisco "only" solution and has nothing to do with my situation here. Yes, I am very well aware ...
I already tried that and it does not work. If I replace the PaloAlto with another Cisco IOS router, same VPN termination and interesting traffic, it works without any issues with IKEv2.