ā08-05-2024 08:31 PM
Issue - Group / Phase 1_id corrupted after s/w upgrade from 16.12.05 to 17.09.05a.
When doing a s/w upgrade it was noticed that some VPN connections weren't working, and when checked the output to the
Show Crypto Session Brief command was showing a corrupted group/phase 1 id.
Any ideas as to what could be causing this ??
In typing this, a thought has occurred - in the output below - the group / phase id with the IP addresses are P2P VPN connections, the others are using EZVPN - Has EZVPN been demised TOTALLY ?? hence the links not working ???
Thx
Output below -
Penn-VPN#sh cry session brief |
Peer I/F Username Group/Phase1_id Uptime Status |
555.555.555.555 Gi0/0/0 555.555.555.555 00:00:15 UA |
444.444.444.444 Gi0/0/0 444.444.444.444 00:01:37 UA |
666.666.666.666 Gi0/0/0 J` D |
777.777.777.777 Gi0/0/0 HB D |
888.888.888.888 Gi0/0/0 DN |
Solved! Go to Solution.
ā08-07-2024 07:57 AM
OK, so i've read the release notes - and it appears that MD5, 3DES etc are in the process of being demised if not already, so to move to a point where no-one is using them - Cisco have 'demised' them with this s/w release, well 17.7 onwards.
But if you need to use them the you need to apply this command -
crypto engine compliance shield disable |
And then do a reboot - that should fix the problem.
ā08-07-2024 07:57 AM
OK, so i've read the release notes - and it appears that MD5, 3DES etc are in the process of being demised if not already, so to move to a point where no-one is using them - Cisco have 'demised' them with this s/w release, well 17.7 onwards.
But if you need to use them the you need to apply this command -
crypto engine compliance shield disable |
And then do a reboot - that should fix the problem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide