cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1730
Views
0
Helpful
1
Replies
Highlighted
Beginner

IKEV2 Problem

Hallo All , 

 

I am trying to configure IKEV2 with SVTI but I am facing following error, could you guide me about that. 

****************************************************

R4#show crypto ikev2 sa
 IPv4 Crypto IKEv2  SA
 
Tunnel-id Local                 Remote                fvrf/ivrf            Status
1         192.168.2.4/500       192.168.12.1/500      none/none            IN-NEG
      Encr: Unknown - 0, Hash: None, DH Grp:0, Auth sign: Unknown - 0, Auth verify: Unknown - 0
      Life/Active Time: 86400/0 sec
 
 IPv6 Crypto IKEv2  SA
**************************************************** 
R1#show crypto ikev2 sa
 IPv4 Crypto IKEv2  SA
 
Tunnel-id Local                 Remote                fvrf/ivrf            Status
1         192.168.12.1/500      192.168.2.1/500       none/none            IN-NEG
      Encr: Unknown - 0, Hash: None, DH Grp:0, Auth sign: Unknown - 0, Auth verify: Unknown - 0
      Life/Active Time: 86400/0 sec
 
 IPv6 Crypto IKEv2  SA
 
 
 

****************************************************

R1#show running-config | sec crypto
crypto ikev2 proposal IKEv2_PROPOSAL
 encryption aes-cbc-256 aes-cbc-192 3des
 integrity sha512 sha256 md5
 group 14 5 2
crypto ikev2 policy IKEv2_POLICY
 match fvrf any
 proposal IKEv2_PROPOSAL
crypto ikev2 keyring IKEv2_KEYRING
 peer R4
  address 192.168.2.1
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
crypto ikev2 profile IKEv2_PROFILE
 match identity remote address 192.168.2.1 255.255.255.255
 identity local address 192.168.12.1
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEv2_KEYRING
crypto ikev2 fragmentation mtu 100
crypto ipsec transform-set IPSEC_TRANSFORM1 esp-aes 256 esp-sha512-hmac
 mode tunnel
crypto ipsec profile IPSEC_PROFILE
 set transform-set IPSEC_TRANSFORM1
 set ikev2-profile IKEv2_PROFILE
****************************************************
R4#show running-config | sec crypto
crypto ikev2 proposal IKEv2_PROPOSAL
 encryption aes-cbc-256 aes-cbc-192 3des
 integrity sha512 sha256 md5
 group 14 5 2
crypto ikev2 policy IKEv2_POLICY
 match fvrf any
 proposal IKEv2_PROPOSAL
crypto ikev2 keyring IKEv2_KEYRING
 peer R1
  address 192.168.12.1
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
crypto ikev2 profile IKEv2_PROFILE
 match identity remote address 192.168.12.1 255.255.255.255
 identity local address 192.168.2.1
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEv2_KEYRING
crypto ikev2 fragmentation mtu 100
crypto ipsec transform-set IPSEC_TRANSFORM1 esp-aes 256 esp-sha512-hmac
 mode tunnel
crypto ipsec profile IPSEC_PROFILE
 set transform-set IPSEC_TRANSFORM1
 set ikev2-profile IKEv2_PROFILE
**************************************************** 

 

 With Regards.

Waheed

 

 
 
 
1 REPLY 1
VIP Advocate

Re: IKEV2 Problem

Hi,

Configuration is looking same. Can you verify your IOS version on your device because we noticed the bug also for the same. 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCua90097/?referring_site=bugquickviewredir

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!