Cisco Bug: CSCtc45482 - ASA ISAKMP MM1 not sent out for l2l rsa-sig auth configured via asdm
Nov 08, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: The IPsec LAN-to-LAN (lan2lan) tunnel initiated from an ASA 8.0.3 does not start, and the ASA logs:

    %ASA-7-609001: Built local-host NP Identity Ifc:10.48.67.52
    %ASA-7-609001: Built local-host outside:10.48.66.1
    %ASA-7-609002: Teardown local-host NP Identity Ifc:10.48.67.52 duration 0:00:00
    %ASA-7-609002: Teardown local-host outside:10.48.66.1 duration 0:00:00
    %ASA-7-715077: Pitcher: received a key acquire message, spi 0x0
    %ASA-7-713906: Initiator failed to open cert context
    %ASA-3-713902: Removing peer from peer table failed, no match!

Conditions: This happens with rsa-sig authentication when the certificate is imported via ASDM. Via ASDM, one trustpoint is configured per certificate: one for the CA and one for the identity certificate.
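A log-triage check for the symptom above, added here as an example and not part of the Cisco bug record: it flags each key-acquire message (715077) that is followed shortly by 713906 "failed to open cert context", which is the point where MM1 is never sent. The function name, the five-message window and the peer heuristic are assumptions; SAMPLE is the log sequence quoted in the symptom.

```python
import re

# ASA syslog body: %ASA-<severity>-<message id>: <text>
MSG_RE = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")
HOST_RE = re.compile(r"Built local-host (.+):(\d{1,3}(?:\.\d{1,3}){3})$")

SAMPLE = [  # the sequence quoted in the symptom
    "%ASA-7-609001: Built local-host NP Identity Ifc:10.48.67.52",
    "%ASA-7-609001: Built local-host outside:10.48.66.1",
    "%ASA-7-609002: Teardown local-host NP Identity Ifc:10.48.67.52 duration 0:00:00",
    "%ASA-7-609002: Teardown local-host outside:10.48.66.1 duration 0:00:00",
    "%ASA-7-715077: Pitcher: received a key acquire message, spi 0x0",
    "%ASA-7-713906: Initiator failed to open cert context",
    "%ASA-3-713902: Removing peer from peer table failed, no match!",
]

def find_cert_context_failures(lines, window=5):
    """One finding per 715077 followed within `window` messages by 713906."""
    findings = []
    last_host = None   # most recent non-identity local-host, likely the peer
    pending = None     # messages left to look at after a 715077
    for line in lines:
        m = MSG_RE.search(line)          # search() tolerates syslog prefixes
        if not m:
            continue
        msg_id, text = m.group(2), m.group(3).strip()
        if msg_id == "609001":
            h = HOST_RE.match(text)
            # Assumption: "NP Identity Ifc" is the ASA's own address; skip it.
            if h and h.group(1) != "NP Identity Ifc":
                last_host = h.group(2)
        elif msg_id == "715077":
            pending = window
            continue
        elif msg_id == "713906" and pending and "cert context" in text:
            findings.append({"peer": last_host, "message": text})
            pending = None
        if pending is not None:
            pending -= 1
            if pending <= 0:
                pending = None
    return findings

if __name__ == "__main__":
    for f in find_cert_context_failures(SAMPLE):
        print("IKE initiator could not open cert context; likely peer:", f["peer"])
```

A hit on a device where the identity and CA certificates were imported through ASDM into separate trustpoints matches the conditions described in this bug.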