Hi, every few weeks we have an issue with one VPN tunnel during rekeying. The logs show following message:%ASA-4-750003: Local:x.x.x.x:500 Remote:y.y.y.y:500 Username:y.y.y.y IKEv2 Negotiation aborted due to ERROR: Create child exchange failed HW is ...
Hi, we're currently deploying a VPN profile customized for a customer, but we are facing some issues there.The customer wants to have following behavior: 1) Seamless automatic VPN-connection at startup (always-on profile with machine-cert auth)2) Use...
Hi, we currently face an issue again regarding AnyConnect and the profile handling. We have an old, manual connection profile (Profile A) that will be replaced by a new Always-On, SSO (machine-certificate) profile (Profile B). As soon as we replace t...
Hi, we have a request from a customer to create a new VPN remote access with smartcard.Customer already uses different profiles, one with simple user/pw credentials, another one with RSA tokencode, and a third one with machine certificate. Now, he wa...
Hi, we have an issue with our backups / backup performance / loadbalancing. We have a few DMZ servers, where the only possible backup is via the frontend, so communication via Firewall.The Firewall is an ASA, connected via 6x1G Copper Portchannel to ...
Hi, not sure if you understood correctly: lifetime seconds 14400 -> on both sides the samelifetime kilobytes -> not supported on other side, so no default value (will never rekey after a certain amount of data is reached = unlimited)Therefore we can'...
sorry, somehow the last 2 lines were cut off during copy and paste.We already have configured the lifetime as unlimited, since the counterpart requires this.I've edited my post with the config above and added the missing lines.I'm not sure if this "...
PFS is configured. as mentioned it works 99% of the time.Rekeying occurs every few hours, the connection is stable for many weeks, but then it suddenly fails during rekeying with this message.
Hi Joseph, you may be right - I've just checked one of our ISR4331, there it is possible to add the bandwidth 1 under the class default, which is not possible on our old 2800. So your assumption regarding IOS/model may be right.I just need to test th...
