Guest

Preview Tool

Cisco Bug: CSCvs28224 - Flexvpn on router does not work when using default ike-id with EAP auth

Last Modified

Aug 27, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.8(2051)

Description (partial)

If no value is configured in ike-id in client profile , default should be sent.

Symptom:
We are seeing following in debugs

*Nov 28 11:30:48.302: IKEv2-ERROR:Header length 8 is Invalid for payload ID
*Nov 28 11:30:48.303: IKEv2-ERROR:(SESSION ID = 16,SA ID = 2):Failed to parse the packet: Detected an invalid value in the packet
*Nov 28 11:30:48.303: IKEv2:(SESSION ID = 16,SA ID = 2):Send error response
*Nov 28 11:30:48.303: IKEv2:(SESSION ID = 16,SA ID = 2):Building packet for encryption.
Payload contents:
 NOTIFY(INVALID_SYNTAX)

Conditions:
Missing  <IKEIdentity>string</IKEIdentity> from client profile
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.