Cisco Support Community

Packets to an internal HTTPS server are dropped continuously by the inspection engine in the router with Cisco IOS Software Release 12.4

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsd27617.

The Advanced Encryption Standard (AES) password encryption corrupts the existing pre-shared key (PSK) on the router as described by Cisco bug ID CSCsd27617.

If a router's EzVPN group name contains an underscore ("_"), such as group ezvpn_myclient key mytest, and you add password encryption aes, then IKE consistently fails with the wrong group PSK.

Resolution

To resolve this issue, delete and re-create the PSK (without "_") after you apply the AES password encryption.

Issue these commands:

     Router(config)#key config-key password-encryption [master key]
     Router(config)#password encryption aes

Note: Delete and re-create the PSK in the group configuration.
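
To find the groups that need this treatment, the following Python script scans a saved configuration for EzVPN groups whose name contains an underscore. It is an added example, not part of the original article or Cisco tooling; the sample configuration is constructed, and it assumes the client-side "crypto ipsec client ezvpn" profile layout for the group line quoted above.

```python
import re

# Constructed sample config excerpt. Only the "group ... key ..." line and
# "password encryption aes" are taken from the article; the rest is assumed.
SAMPLE_CONFIG = """\
hostname branch-rtr
password encryption aes
!
crypto ipsec client ezvpn HQ
 group ezvpn_myclient key mytest
 peer 192.0.2.1
!
crypto ipsec client ezvpn LAB
 group ezvpnlab key mytest2
 peer 192.0.2.2
!
"""

PROFILE_RE = re.compile(r"^crypto ipsec client ezvpn\s+(\S+)")
GROUP_RE = re.compile(r"^\s+group\s+(\S+)\s+key\s+\S")

def aes_encryption_enabled(config):
    """True if the global 'password encryption aes' command is present."""
    return any(l.strip() == "password encryption aes" for l in config.splitlines())

def underscore_groups(config):
    """Return (profile, group) pairs whose EzVPN group name contains '_'."""
    hits, profile = [], None
    for line in config.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
        elif not line.startswith(" "):
            profile = None  # left the profile block
        elif profile:
            g = GROUP_RE.match(line)
            if g and "_" in g.group(1):
                hits.append((profile, g.group(1)))
    return hits

def audit(config):
    """Groups matching the article's condition: AES enabled and '_' in the name."""
    return underscore_groups(config) if aes_encryption_enabled(config) else []

if __name__ == "__main__":
    for profile, group in audit(SAMPLE_CONFIG):
        print(f"profile {profile}: group {group} has '_'; delete and re-create its PSK")
```

Running underscore_groups on its own before enabling AES password encryption lists the groups whose PSK must be re-created afterwards.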
