Cisco Bug: CSCuq80474 - DOC:WSG-SAN is an absolute requirement if self-id is IP address
Feb 03, 2017
- Cisco 7600 Wireless Security Gateway
Known Affected Releases
Symptom: The following debugs seen: [Thu Aug 28 07:01:33.297 UTC] SshCertDB/cert-db.c:1509/ssh_certdb_find: CDB: Looking from cache: Certificate by IP [Thu Aug 28 07:01:33.297 UTC] SshCertCMi/cmi.c:1419/cm_search_local_dbs: ssh.local: [failed] process rule. This is because the SAN was not configured for the identity certificate with self-identity as the IP address: eg: crypto profile "RAS-prof" isakmp self-identity id-type ip id 10.0.0.1 <IP address is being used as the self-identity> This should be documented at: http://www.cisco.com/c/en/us/td/docs/wireless/wsg/WSG_4-3-2/user_guide/WSG_ConfigGuide/WSG_Config_SettingUp.html Conditions: WSG ver 4.3.2 with terminates a site to site VPN tunnel.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases