Douglas Holmes

PSK Showing for AnyConnect "Auth Verify" when using Certificates

ASA configured for AnyConnect to use certificates for authentication. The command "show crypto ikev2 sa" shows the following:

Tunnel-id Local                                               Remote                                                  Status         Role

1999376289 28.15.231.16/4500                                22.69.29.52/38087                                        READY    RESPONDER

      Encr: AES-CBC, keysize: 256, Hash: SHA384, DH Grp:20, Auth sign: ECDSA, Auth verify: PSK  

      Life/Active Time: 28800/1347 sec

Child sa: local selector  0.0.0.0/0 - 255.255.255.255/65535

          remote selector 172.22.201.69/0 - 172.22.201.69/65535

          ESP spi in/out: 0xf4761104/0x5ae745c2 

 

Why does it show "PSK" for Auth Verify when no PSK is configured either in the configuration or the profile?

Config file attached (cleansed).

 

Thanks.

 

Profile below:

 

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
        <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
        <ShowPreConnectMessage>false</ShowPreConnectMessage>
        <CertificateStore>All</CertificateStore>
        <CertificateStoreOverride>true</CertificateStoreOverride>
        <ProxySettings>Native</ProxySettings>
        <AllowLocalProxyConnections>true</AllowLocalProxyConnections>
        <AuthenticationTimeout>12</AuthenticationTimeout>
        <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
        <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
        <LocalLanAccess UserControllable="true">true</LocalLanAccess>
        <ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
        <IPProtocolSupport>IPv4</IPProtocolSupport>
        <AutoReconnect UserControllable="false">true
            <AutoReconnectBehavior UserControllable="false">DisconnectOnSuspend</AutoReconnectBehavior>
        </AutoReconnect>
        <AutoUpdate UserControllable="false">true</AutoUpdate>
        <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
        <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
        <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
        <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
        <PPPExclusion UserControllable="false">Disable
            <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
        </PPPExclusion>
        <EnableScripting UserControllable="false">false</EnableScripting>
        <EnableAutomaticServerSelection UserControllable="false">false
            <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
            <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
        </EnableAutomaticServerSelection>
        <RetainVpnOnLogoff>false
        </RetainVpnOnLogoff>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
            <HostName>dornfest.happpy.local</HostName>
            <HostAddress>dornfest.happy.local</HostAddress>
            <PrimaryProtocol>IPsec</PrimaryProtocol>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>

 

 
