Showing results for 
Search instead for 
Did you mean: 

ANyconnect_CSR1000v_Crypto SSL profile

Level 1
Level 1

I have been trying to setup Anyconnect on CSR1000v


configured all commands as stated in @ 



But, when configuring the commands required for Crypto SSL profile, it is always saying that 


!Profile Incomplete (MUST have a policy matched and ssl authorization policy configured)


use-case that I am testing is , local username and password toestablish anyconnect to CSR1000v LAb router :-

configured as below 


aaa new-model

username XYZ privilege 15 password <XXX>

aaa authentication list sslvpn local

aaa authorization list anyconnect local

aaa authorization exec local 


crypto ssl profile <profileforanyconnect>

match policy <policyrefers to ssl proposal, trustpoint, ip/port>

aaa authentication user-pass list sslvpn
aaa authorization user user-pass list anyconnectvpn
authentication remote user-pass
!Profile Incomplete (MUST have a policy matched and ssl authorization policy configured)



I added SSL authorization policy (authorization policy) as well. But, That is not showing in configuration :-(  


I see that there is syntax change as well. could someone help me to bring this up. 


output for show crypto SSL profile :-


SSL Profile: <profilename>
Status: ACTIVE
Match Criteria:
URL: none
Policy: anyconnect-policy
AAA accounting List : local
AAA Authentication List : sslvpn
AAA Authorization User List : anyconnectvpn
User :
Cached : False
AAA Authorization Group List : none
Authentication Mode : user credentials
Interface : SSLVPN-VIF0
Max Users : 10000


router version:-

Cisco IOS XE Software, Version 16.12.01a
Cisco IOS Software [Gibraltar], 


could someone help me. @Marvin Rhoads 

0 Replies 0