Hi I am new to networklessons
I have really managed to follow all lessons with no issues.
However I am trying set up a anyconnect remote flexVPN to my home lab using 2921 with IOS 15.7
I have follow all the steps appropriately.
I am unable to connect.
I used the debug crypto to try and see whats going on I am getting the following
May 15 17:25:52.115: IKEv2:(SESSION ID = 25,SA ID = 1):Verify SA init message
*May 15 17:25:52.115: IKEv2:(SESSION ID = 25,SA ID = 1):Insert SA
*May 15 17:25:52.115: IKEv2:Searching Policy with fvrf 0, local address 192.168.0.254
*May 15 17:25:52.115: IKEv2-ERROR:No Matching policy with fvrf 0, local addr 192.168.0.254
*May 15 17:25:52.115: IKEv2-ERROR:(SESSION ID = 25,SA ID = 1):: Failed to locate an item in the database
*May 15 17:25:52.115: IKEv2:(SESSION ID = 25,SA ID = 1):Failed SA init exchange
*May 15 17:25:52.119: IKEv2-ERROR:(SESSION ID = 25,SA ID = 1):Initial exchange failed: Initial exchange failed
*May 15 17:25:52.119: IKEv2:(SESSION ID = 25,SA ID = 1):Abort exchange
*May 15 17:25:52.119: IKEv2:(SESSION ID = 25,SA ID = 1):Deleting SA
Here is my current config just after the certificate:
crypto ikev2 authorization policy IKEV2_AUTHORIZATION_POLICY
pool VPN_POOL
dns 192.168.99.1
def-domain nwl.lab
route set interface
route set remote ipv4 192.168.99.1 255.255.255.255
!
crypto ikev2 proposal IKEV2_PROPOSAL
encryption aes-cbc-256
integrity sha256
group 15
!
crypto ikev2 policy IKEV_POLICY
! Policy Incomplete(MUST have atleast one complete proposal attached)
match fvrf any
!
!
crypto ikev2 profile IKEV2_PROFILE
match identity remote key-id *$AnyConnectClient$*
authentication local rsa-sig
authentication remote anyconnect-eap aggregate
pki trustpoint R1-Client
aaa authentication anyconnect-eap AAA_AUTHENTICATION_LOGIN
aaa authorization group anyconnect-eap list AAA_AUTHORIZATION_NETWORK
virtual-template 1
!
!
!
!
!
!
crypto ipsec transform-set TRANSFORM_SET esp-aes 256 esp-sha256-hmac
mode tunnel
!
crypto ipsec profile IKEV2_PROFILE
set transform-set TRANSFORM_SET
set ikev2-profile IKEV2_PROFILE
!
!
!
!
!
!
!
interface Loopback99
description local address
ip address 192.168.99.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.0.254 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback99
ip mtu 1400
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile IKEV2_PROFILE
!
ip local pool VPN_POOL 192.168.18.5 192.168.18.10
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
I would much appreciate if anyone can help!
This website a gemstone! fantastic resources!
Planning on passing A+/Network+ CCNA very soon studying wasn’t too bad considering I have IT background!
With the aid of this website my ultimate goal is CCNP. Nice to meet you all!
I am glad to hear you like our work!