I have the following configuration on my ISR-1100:
crypto ikev2 authorization policy IKEV2-AUTH-POLICY
pool VPN-POOL
!
crypto ikev2 proposal IKEV2-PROPOSAL
encryption aes-gcm-256
group 16
!
!
!
crypto ikev2 profile AnyConnect-EAP
match identity remote key-id *$AnyConnectClient$*
authentication local rsa-sig
authentication remote anyconnect-eap aggregate
pki trustpoint CA-Self-Signed
aaa authentication anyconnect-eap VPN-AUTHEN-GROUP
aaa authorization group anyconnect-eap list VPN-AUTHOR-GROUP IKEV2-AUTH-POLICY
aaa authorization user anyconnect-eap cached
virtual-template 100
anyconnect profile ANYC
!
no crypto ikev2 http-url cert
Connection from AnyConnect generates the following error:
However, IOS XE doesn't support comp-lzs and there is no option to turn it off. I don't know how to fix this problem. Please help.