IOS - AnyConnect IPSec IKEv2 with Cert fails

ALAN HAMMOND
Level 1

Trying to use 2921 running IOS 15.3(3)M for remote access - IPSec, IKEv2 with certs and AnyConnect 3.1.13015.

739876: Mar  4 19:29:54.037: IKEv2:(SA ID = 1):[PKI -> IKEv2] Validation of certificate chain PASSED
739877: Mar  4 19:29:54.037: IKEv2:(SESSION ID = 68,SA ID = 1):Save pubkey
739878: Mar  4 19:29:54.041: IKEv2:(SESSION ID = 68,SA ID = 1):: Failed to validate the certificate

Certificate was exported with private key and imported on client; attached screen capture shows correct EKU.

Attached are router debug, relevant config and AnyConnect-side debug.

Any help would be appreciated.

1 Reply

Philip D'Ath
VIP Alumni

This is a difficult task.  I wrote this guide about how to do it.

http://www.ifm.net.nz/cookbooks/Cisco-IOS-router-IKEv2-AnyConnect-Suite-B-Crypto.html

As a tip - don't even try getting this to work unless you are running 15.4(3)M4 or better.