Hi, I am new to networklessons.
I have really managed to follow all lessons with no issues.
However, I am trying to set up an AnyConnect remote FlexVPN to my home lab using a 2921 with IOS 15.7.
I have followed all the steps appropriately.
I am unable to connect.
I used debug crypto to try and see what's going on. I am getting the following:
May 15 17:25:52.115: IKEv2:(SESSION ID = 25,SA ID = 1):Verify SA init message
*May 15 17:25:52.115: IKEv2:(SESSION ID = 25,SA ID = 1):Insert SA
*May 15 17:25:52.115: IKEv2:Searching Policy with fvrf 0, local address 192.168.0.254
*May 15 17:25:52.115: IKEv2-ERROR:No Matching policy with fvrf 0, local addr 192.168.0.254
*May 15 17:25:52.115: IKEv2-ERROR:(SESSION ID = 25,SA ID = 1):: Failed to locate an item in the database
*May 15 17:25:52.115: IKEv2:(SESSION ID = 25,SA ID = 1):Failed SA init exchange
*May 15 17:25:52.119: IKEv2-ERROR:(SESSION ID = 25,SA ID = 1):Initial exchange failed: Initial exchange failed
*May 15 17:25:52.119: IKEv2:(SESSION ID = 25,SA ID = 1):Abort exchange
*May 15 17:25:52.119: IKEv2:(SESSION ID = 25,SA ID = 1):Deleting SA
Here is my current config just after the certificate:
crypto ikev2 authorization policy IKEV2_AUTHORIZATION_POLICY
 pool VPN_POOL
 dns 192.168.99.1
 def-domain nwl.lab
 route set interface
 route set remote ipv4 192.168.99.1 255.255.255.255
!
crypto ikev2 proposal IKEV2_PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 15
!
crypto ikev2 policy IKEV_POLICY
 ! Policy Incomplete(MUST have atleast one complete proposal attached)
 match fvrf any
!
!
crypto ikev2 profile IKEV2_PROFILE
 match identity remote key-id *$AnyConnectClient$*
 authentication local rsa-sig
 authentication remote anyconnect-eap aggregate
 pki trustpoint R1-Client
 aaa authentication anyconnect-eap AAA_AUTHENTICATION_LOGIN
 aaa authorization group anyconnect-eap list AAA_AUTHORIZATION_NETWORK
 virtual-template 1
!
!
!
!
!
!
crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile IKEV2_PROFILE
 set transform-set TRANSFORM_SET
 set ikev2-profile IKEV2_PROFILE
!
!
!
!
!
!
!
interface Loopback99
 description local address
 ip address 192.168.99.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback99
 ip mtu 1400
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IKEV2_PROFILE
!
ip local pool VPN_POOL 192.168.18.5 192.168.18.10
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
I would much appreciate it if anyone can help!
This website is a gemstone! Fantastic resources!
Planning on passing A+/Network+ CCNA very soon; studying wasn’t too bad considering I have an IT background!
With the aid of this website my ultimate goal is CCNP. Nice to meet you all!
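
The running-config in the post carries the IOS note "Policy Incomplete(MUST have atleast one complete proposal attached)" under IKEV_POLICY, and the debug reports "No Matching policy". As an added example (not part of the original post), this Python check scans a config for IKEv2 policies with no proposal attached; it goes one step further than the post and also flags a policy naming a proposal that is not defined. The sample config, GOOD_POLICY, TYPO_POLICY and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the running-config in the post.
SAMPLE_CONFIG = """\
crypto ikev2 proposal IKEV2_PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 15
!
crypto ikev2 policy IKEV_POLICY
 ! Policy Incomplete(MUST have atleast one complete proposal attached)
 match fvrf any
!
crypto ikev2 policy GOOD_POLICY
 proposal IKEV2_PROPOSAL
!
crypto ikev2 policy TYPO_POLICY
 proposal IKEV2_PROPSAL
!
"""

def parse_blocks(config, keyword):
    """Return {name: [sub-commands]} for each 'crypto ikev2 <keyword> NAME' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        header = re.match(rf"crypto ikev2 {keyword} (\S+)\s*$", raw)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            if not raw.strip().startswith("!"):  # skip indented IOS remarks
                current.append(raw.strip())
        else:
            current = None  # a bare '!' or any top-level line closes the block
    return blocks

def check_ikev2_policies(config):
    """Return (policy, problem) pairs for policies lacking a usable proposal."""
    # 'default' is the built-in IOS smart-default proposal, so treat it as defined.
    defined = set(parse_blocks(config, "proposal")) | {"default"}
    findings = []
    for name, lines in parse_blocks(config, "policy").items():
        attached = [l.split()[1] for l in lines if l.startswith("proposal ")]
        if not attached:
            findings.append((name, "no proposal attached"))
        for prop in attached:
            if prop not in defined:
                findings.append((name, f"proposal {prop} is not defined"))
    return findings

if __name__ == "__main__":
    print(check_ikev2_policies(SAMPLE_CONFIG))
```
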