I would be grateful if someone could give me a little pointer here please.
I have several routers all working fine with a DMVPN Hub (4331) acting as my CA. One spoke router however is stuck in MM_KEY_EXCH. It seems to me like the self signed cert is messing things up (CISCO_IDEVID_SUDI). I removed it and my VPN went to QM IDLE. A reload re-instates the cert as has been pointed out on several posts I reviewed.
I've been googling for an answer but I'm still none the wiser if there is a simple fix, profile, cert map etc.
*Jun 24 16:03:12.210: ISAKMP: (2045):using the CISCO_IDEVID_SUDI trustpoint's keypair to sign *Jun 24 16:03:14.362: ISAKMP-PAK: (2045):sending packet to X.X.X.X my_port 500 peer_port 500 (I) MM_KEY_EXCH *Jun 24 16:03:14.362: ISAKMP: (2045):Sending an IKE IPv4 Packet. *Jun 24 16:03:14.362: ISAKMP: (2045):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Jun 24 16:03:14.362: ISAKMP: (2045):Old State = IKE_I_MM4 New State = IKE_I_MM5
Would appreciate it if anyone has a tip. Happy to upgrade my IOS if needed.
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...
Cyberattacks are more sophisticated than ever and your online presence has never been more critical to the success of your business. Cisco, through its OEM partnership with Radware, can help secure your digital future by continuously monitoring...