cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
372
Views
0
Helpful
0
Replies
Highlighted
Beginner
Beginner

ANyconnect_CSR1000v_Crypto SSL profile

I have been trying to setup Anyconnect on CSR1000v

 

configured all commands as stated in @https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_sslvpn/configuration/xe-16-12/sec-conn-sslvpn-xe-16-12-book/sec-conn-sslvpn-ssl-vpn.html 

 

 

But, when configuring the commands required for Crypto SSL profile, it is always saying that 

 

!Profile Incomplete (MUST have a policy matched and ssl authorization policy configured)

 

use-case that I am testing is , local username and password toestablish anyconnect to CSR1000v LAb router :-

configured as below 

 

aaa new-model

username XYZ privilege 15 password <XXX>

aaa authentication list sslvpn local

aaa authorization list anyconnect local

aaa authorization exec local 

 

crypto ssl profile <profileforanyconnect>

match policy <policyrefers to ssl proposal, trustpoint, ip/port>

aaa authentication user-pass list sslvpn
aaa authorization user user-pass list anyconnectvpn
authentication remote user-pass
!Profile Incomplete (MUST have a policy matched and ssl authorization policy configured)

 

 

I added SSL authorization policy (authorization policy) as well. But, That is not showing in configuration :-(  

 

I see that there is syntax change as well. could someone help me to bring this up. 

 

output for show crypto SSL profile :-

 

SSL Profile: <profilename>
Status: ACTIVE
Match Criteria:
URL: none
Policy: anyconnect-policy
AAA accounting List : local
AAA Authentication List : sslvpn
AAA Authorization User List : anyconnectvpn
User :
Cached : False
AAA Authorization Group List : none
Authentication Mode : user credentials
Interface : SSLVPN-VIF0
Status: DISABLE
Max Users : 10000

 

router version:-

Cisco IOS XE Software, Version 16.12.01a
Cisco IOS Software [Gibraltar], 

 

could someone help me. @Marvin Rhoads 

0 REPLIES 0