Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I've set up a new Cisco Cat 8000v with IPsec site-to-site and IPsec client VPN. The site-to-site is working fine, however the IPsec client VPN hasn't worked. I've followed the instructions in the following link from Cisco:https://www.cisco.com/c/en/u...
Hi,I'm struggling to configure a remote access VPN on a Cisco router. I can configure RA on a Cisco firewall and I can configure site-to-site on a firewall and a Cisco router. Anyone can advise me with some document? What I have found so far haven't ...
Hi !
I have a multicast setup in my network using PIM-ASM.
For some reason a router in my network stopped responding to IGMP requests. Although the show commands for IGMP showed everything works. Has anyone experienced the same thing? I’m planning to...
Hi, I've had 2 routers that are configured with iBGP. Each one of these routers are connected to an external provider with eBGP. I setup a new router with full mesh iBGP and when I connect it to the external provider i get logs saying that R1 and R2 ...
I have set up an IPsec VPN tunnel. It worked fine at the beginning but then all of sudden the traffic stopped passing the tunnel, although the tunnel is still up.
When I do show crypto ipsec sa peer X.X.X.X detail I can see "pkts no sa (send) 65"
-...
I get cert warning only when connecting with SSL, not IPsec. Yes, I'm using Cisco Secure Client. I have tested now using the subject name, unfortunately, still the same error.The logs in the Secure Client shows: Connecting XXX.Ready to connect.
Thanks @Rob Ingram !
I have exported the cert from the router and imported to the PC. The cert i'm using in the router is a self-sign cert generated on the router. It works fine when I use SSL VPN, but the SSL VPN works only with local authentication...
Thank @Flavio Miranda !
I've imported the cert to the Windows Trusted cert but unfortunately it didn't make any difference. You may see the debug logs.
Do you mean should I remove:
match identity remote key-id *$AnyConnectClient$*
I did and unfortunately it didn't help. The logs however doesn't show the same error as earlier.
As for the ikev2 policy and proposal, they both are there. And for cert...
Do you mean that I need to add the profiles to the client's PC? I already did that according to the guide, but it didn't help.
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
As for a profile for SSL, I didn't create one, since i...
