I have one IKEv2 site-to-site tunnel which has been stuck in this state:
Session-id:15, Status:UP-IDLE, IKE count:1, CHILD count:0
Tunnel-id    Local           Remote          Status   Role
1319195545   x.x.x.x/4500    y.y.y.y/4500    READY    RESPONDER
      Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: PSK, Auth verify: PSK
      Life/Active Time: 28800/1080711 sec
Active Time passed the lifetime long ago. 'clear crypto ikev2 sa' or 'clear ipsec sa peer y.y.y.y' won't terminate the tunnel. What can be done to terminate this tunnel? Rebooting the firewall isn't really a solution...
Show Name: Thoughts on Security at Cisco Live US 2018 in Orlando
Contributors: Kevin Klous, David White Jr., Aaron Woland, Jeff Fanelli
Posting Date: June 2018
Description: The team goes on-site in the Cisco Live Speaker room in...
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. The diagram below shows the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1...