I'm trying to get a remote access VPN setup to a 2921-G2 with onboard hardware crypto engine running 15.2(2)T2 IOS. Remote users use StrongSwan as a VPN client.
I've configured both ends to use RSA certs for authentication and Suite B cryptographic suites, but when attempting to form a tunnel with the router, the authentication process fails with the following debug entries on the router:
*Aug 14 09:21:33.876: crypto_engine_select_crypto_engine: can't handle any more
*Aug 14 09:21:33.880: crypto_engine: no crypto engines available
*Aug 14 09:21:33.880: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Verification of signed authentication data FAILED
*Aug 14 09:21:33.880: CRYPTO_PKI: Application requested to expire the key
*Aug 14 09:21:33.880: CRYPTO_PKI: Expiring peer's cached key with key id 17
*Aug 14 09:21:33.880: IKEv2:(SA ID = 1):Failed to compute or verify a signature