12-14-2020 01:35 AM - edited 12-14-2020 02:11 AM
Hello everyone,
we are currently facing issues updating one of our CSR1000V from IOS XE 16.03 Denali to 16.09 Fuji, the problem is two-fold:
- configuration 'crypto map MAPNAME isakmp authorization list GROUP-LIST' doesn't seem to be supported anymore and throws an error on boot. The command is responsible for authorizing certain RADIUS groups in our configuration - dynamic configuration is applied from said RADIUS groups as well (split-tunnel acl, pool, etc.). This is used for Easy VPN peers as well as a few third party client connections (Mac OS-inbuilt client and Shrewsoft).
- Phase1 can't be established anymore between Easy VPN peers and the Gateway, even though isakmp policies haven't changed on the device
We have rolled back to 16.03. for now. Does anyone use a similar featureset and has faced similar issues?
Thanks a lot and best regards
Solved! Go to Solution.
12-14-2020 02:20 AM
EasyVPN has been retired and no longer supported. Reference here
https://www.cisco.com/c/en/us/obsolete/security/cisco-easy-vpn.html
However you can achieve the samething by using FlexVPN, that would require a reconfiguration of your devices to use IKEv2
HTH
12-14-2020 02:20 AM
EasyVPN has been retired and no longer supported. Reference here
https://www.cisco.com/c/en/us/obsolete/security/cisco-easy-vpn.html
However you can achieve the samething by using FlexVPN, that would require a reconfiguration of your devices to use IKEv2
HTH
12-14-2020 02:37 AM
I suspected as much - thanks for the Info @Rob Ingram.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide