I'm trying to solve a client VPN issue and I'm using my home 871W as a test platform. I seem to have angered my crypto engine though and have been unable to use that router for this purpose. The error I'm getting is:
003890: Jan 14 18:05:39.691 CST: select crypto engine: ce_engine does not accept the capabilities
The 871W should have hardware encryption, and this show output confirms that:
#sh cry en br
    crypto engine name: Virtual Private Network (VPN) Module
    crypto engine type: hardware
    State: Enabled
    Location: onboard 0
    Product Name: Onboard-VPN
    FW Version: 1
    Time running: 4294967 seconds
    Compression: Yes
    DES: Yes
    3 DES: Yes
    AES CBC: Yes (128,192,256)
    AES CNTR: No
    Maximum buffer length: 4096
    Maximum DH index: 0020
    Maximum SA index: 0020
    Maximum Flow index: 0040
    Maximum RSA key size: 0000
The crypto map is applied to the upstream-facing interface. The config contains a legacy L2L that I could remove as well as much cvpn-split-tunnel client config work in progress.
Whenever I try to VPN in or simply run sh run, the config is processed and I get 21 lines of the error above (incrementing the numbers in the first column). It seems like I ran into issues with certain older routers not supporting certain crypto options. I can't recall what those were though. Does anyone recognize anything in my config that would be supported on an 871W running 12.4(24)T2 Adv IP?
PS==> From global config I've run 'crypto engine onboard 0' and 'crypto engine accelerator' to no avail. No crypto engine commands appear in the config.