Solved: IOS loses mschapv2 IKEv2 credentials between reloads

doka · ‎11-05-2019

Colleagues,

I'm using the following config:

service password-encryption
! key config-key password-encryption master_key (according to http://tinyurl.com/z5gu9xp)
password encryption aes
!
crypto ikev2 profile IKEv2-profile
 match identity remote fqdn f.q.d.n
 identity local email cisco
 authentication local eap mschapv2 username cisco password q1w2e3
 authentication remote rsa-sig
 pki trustpoint mypoint

and after every reboot it loses 'authentication local' statement, keeping me with the following:

crypto ikev2 profile IKEv2-profile
 ! Profile incomplete (no local and/or remote authentication method specified)
 match identity remote fqdn f.q.d.n
 identity local email cisco
 authentication remote rsa-sig
 pki trustpoint mypoint

Is it bug or feature and does it have any solution to prevent losing this part of config between reloads ?

#sh ver
Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.6(3)M3, RELEASE SOFTWARE (fc2)
[ ... ]
Configuration register is 0x2102

Thank you.

doka · ‎11-12-2019

It seems this problem indirectly relates to https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd90410

I tested IOS 15.7(3)M2 - there is no this problem.

View solution in original post

doka · ‎11-12-2019

It seems this problem indirectly relates to https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd90410

I tested IOS 15.7(3)M2 - there is no this problem.