Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3983
Views
0
Helpful
2
Replies

IKEV2 Problem

UniWAQ
Level 1
Level 1

‎02-22-2018 04:45 PM - edited ‎03-12-2019 05:03 AM

Hallo All , 

 

I am trying to configure IKEV2 with SVTI but I am facing following error, could you guide me about that. 

****************************************************

R4#show crypto ikev2 sa
 IPv4 Crypto IKEv2  SA
 
Tunnel-id Local                 Remote                fvrf/ivrf            Status
1         192.168.2.4/500       192.168.12.1/500      none/none            IN-NEG
      Encr: Unknown - 0, Hash: None, DH Grp:0, Auth sign: Unknown - 0, Auth verify: Unknown - 0
      Life/Active Time: 86400/0 sec
 
 IPv6 Crypto IKEv2  SA
**************************************************** 
R1#show crypto ikev2 sa
 IPv4 Crypto IKEv2  SA
 
Tunnel-id Local                 Remote                fvrf/ivrf            Status
1         192.168.12.1/500      192.168.2.1/500       none/none            IN-NEG
      Encr: Unknown - 0, Hash: None, DH Grp:0, Auth sign: Unknown - 0, Auth verify: Unknown - 0
      Life/Active Time: 86400/0 sec
 
 IPv6 Crypto IKEv2  SA
 
 
 

****************************************************

R1#show running-config | sec crypto
crypto ikev2 proposal IKEv2_PROPOSAL
 encryption aes-cbc-256 aes-cbc-192 3des
 integrity sha512 sha256 md5
 group 14 5 2
crypto ikev2 policy IKEv2_POLICY
 match fvrf any
 proposal IKEv2_PROPOSAL
crypto ikev2 keyring IKEv2_KEYRING
 peer R4
  address 192.168.2.1
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
crypto ikev2 profile IKEv2_PROFILE
 match identity remote address 192.168.2.1 255.255.255.255
 identity local address 192.168.12.1
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEv2_KEYRING
crypto ikev2 fragmentation mtu 100
crypto ipsec transform-set IPSEC_TRANSFORM1 esp-aes 256 esp-sha512-hmac
 mode tunnel
crypto ipsec profile IPSEC_PROFILE
 set transform-set IPSEC_TRANSFORM1
 set ikev2-profile IKEv2_PROFILE
****************************************************
R4#show running-config | sec crypto
crypto ikev2 proposal IKEv2_PROPOSAL
 encryption aes-cbc-256 aes-cbc-192 3des
 integrity sha512 sha256 md5
 group 14 5 2
crypto ikev2 policy IKEv2_POLICY
 match fvrf any
 proposal IKEv2_PROPOSAL
crypto ikev2 keyring IKEv2_KEYRING
 peer R1
  address 192.168.12.1
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
crypto ikev2 profile IKEv2_PROFILE
 match identity remote address 192.168.12.1 255.255.255.255
 identity local address 192.168.2.1
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEv2_KEYRING
crypto ikev2 fragmentation mtu 100
crypto ipsec transform-set IPSEC_TRANSFORM1 esp-aes 256 esp-sha512-hmac
 mode tunnel
crypto ipsec profile IPSEC_PROFILE
 set transform-set IPSEC_TRANSFORM1
 set ikev2-profile IKEv2_PROFILE
**************************************************** 

 

 With Regards.

Waheed

 

 
 
 
2 people had this problem
Labels:
0 Helpful
2 Replies 2

Deepak Kumar
VIP Alumni
VIP Alumni

‎02-23-2018 12:12 AM

Hi,

Configuration is looking same. Can you verify your IOS version on your device because we noticed the bug also for the same. 

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCua90097/?referring_site=bugquickviewredir

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

amekhanoshin
Level 1
Level 1

‎12-11-2019 11:08 PM - edited ‎12-11-2019 11:13 PM

Sorry, wrong branch. Please delete/ignore this.

 

0 Helpful
Customers Also Viewed These Support Documents