Cisco Bug: CSCuw33713 - IKEv2: crypto isakmp identity auto doesn't work - DN not IKE ID but IP.
Nov 09, 2016
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom: Despite "crypto isakmp identity auto" being configured, the ASA does not send the DN as its IKE ID. It consistently sends its IPv4 address instead. As a result, peer identity verification fails.

Conditions:
1. IKEv2 L2L VPN
2. Certificate hierarchy: ECDSA key root, ECDSA key sub, ECDSA key identity OR RSA key root, ECDSA key sub, ECDSA key identity
3. "crypto isakmp identity auto" enabled