Preview Tool

Cisco Bug: CSCuq80474 - DOC:WSG-SAN is an absolute requirement if self-id is IP address

Last Modified

Apr 03, 2018

Products (1)

  • Cisco 7600 Wireless Security Gateway

Known Affected Releases


Description (partial)

The following debugs seen:

[Thu Aug 28 07:01:33.297 UTC] SshCertDB/cert-db.c:1509/ssh_certdb_find: CDB: Looking from cache: Certificate by IP[]
[Thu Aug 28 07:01:33.297 UTC] SshCertCMi/cmi.c:1419/cm_search_local_dbs: ssh.local: [failed] process rule. 

This is because the SAN was not configured for the identity certificate with self-identity as the IP address:

eg: crypto profile "RAS-prof"
    self-identity id-type ip id  <IP address is being used as the self-identity>

This should be documented at:

WSG ver 4.3.2 with terminates a site to site VPN tunnel.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.