cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
813
Views
0
Helpful
1
Replies

FlexVPN AnyConnect IKEv2 negotiation problem

dissco
Level 1
Level 1

I have the following configuration on my ISR-1100:

crypto ikev2 authorization policy IKEV2-AUTH-POLICY 
 pool VPN-POOL
!
crypto ikev2 proposal IKEV2-PROPOSAL
 encryption aes-gcm-256
 group 16
!
!
!
crypto ikev2 profile AnyConnect-EAP
 match identity remote key-id *$AnyConnectClient$*
 authentication local rsa-sig
 authentication remote anyconnect-eap aggregate
 pki trustpoint CA-Self-Signed
 aaa authentication anyconnect-eap VPN-AUTHEN-GROUP
 aaa authorization group anyconnect-eap list VPN-AUTHOR-GROUP IKEV2-AUTH-POLICY
 aaa authorization user anyconnect-eap cached
 virtual-template 100
 anyconnect profile ANYC
!
no crypto ikev2 http-url cert

Connection from AnyConnect generates the following error:

 2019-01-23 17.38.01.jpg

 

However, IOS XE doesn't support comp-lzs and there is no option to turn it off. I don't know how to fix this problem. Please help.

1 Reply 1

Please generate full debug and post it.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: