Cisco Bug: CSCuq80474 - DOC:WSG-SAN is an absolute requirement if self-id is IP address

Last Modified

Apr 03, 2018

Products (1)

  • Cisco 7600 Wireless Security Gateway

Known Affected Releases

4.3.2

Description (partial)

Symptom:
The following debug messages are seen:


[Thu Aug 28 07:01:33.297 UTC] SshCertDB/cert-db.c:1509/ssh_certdb_find: CDB: Looking from cache: Certificate by IP[]
[Thu Aug 28 07:01:33.297 UTC] SshCertCMi/cmi.c:1419/cm_search_local_dbs: ssh.local: [failed] process rule. 

This is because the SAN was not configured for the identity certificate with self-identity as the IP address:

e.g.:

crypto profile "RAS-prof"
  isakmp
    self-identity id-type ip id 10.0.0.1  <IP address is being used as the self-identity>

This should be documented at:
http://www.cisco.com/c/en/us/td/docs/wireless/wsg/WSG_4-3-2/user_guide/WSG_ConfigGuide/WSG_Config_SettingUp.html

Conditions:
WSG ver 4.3.2 terminating a site-to-site VPN tunnel.
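
The requirement described above can be checked before an identity certificate is loaded. The following is an added example, not Cisco code or part of the bug record: it assumes the OpenSSL command-line tool (1.1.1 or later) is available, and the function names, file names and demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an identity certificate carries the IKE
# self-identity IP address as an iPAddress subjectAltName (SAN) entry.

# san_has_ip CERT_PEM IP -> exit status 0 if the certificate has that IP SAN.
# openssl's -checkip consults only iPAddress SAN entries; a CN that merely
# looks like the IP address does not count.
san_has_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 |
        grep -q "does match certificate"
}

# make_demo_cert OUT_PEM [SAN] -> constructed self-signed test certificate.
# The CN is deliberately set to the IP so the no-SAN case shows that the CN
# alone is not enough. The throwaway key is written next to the certificate.
make_demo_cert() {
    if [ -n "$2" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=10.0.0.1" \
            -keyout "$1.key" -out "$1" -addext "subjectAltName=$2" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=10.0.0.1" \
            -keyout "$1.key" -out "$1" 2>/dev/null
    fi
}

# Demo on constructed certificates; 10.0.0.1 is the self-identity value
# shown in the crypto profile above.
demo() {
    d=$(mktemp -d)
    make_demo_cert "$d/san.pem" "IP:10.0.0.1"
    make_demo_cert "$d/nosan.pem"
    for c in san nosan; do
        if san_has_ip "$d/$c.pem" 10.0.0.1; then
            echo "$c.pem: IP SAN present, usable with id-type ip"
        else
            echo "$c.pem: IP SAN missing, expect the cert lookup by IP to fail"
        fi
    done
    rm -rf "$d"
}
demo
```

To check a real identity certificate, call `san_has_ip` with the PEM file and the address configured under `self-identity id-type ip`.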