I'm trying to get a remote access VPN setup to a 2921-G2 with onboard hardware crypto engine running 15.2(2)T2 IOS. Remote users use StrongSwan as a VPN client.
I've configured both ends to use RSA certs for authentication and Suite B cryptographic suites, but when attempting to form a tunnel with the router, the authentication process fails with the following debug entries on the router:
*Aug 14 09:21:33.876: crypto_engine_select_crypto_engine: can't handle any more
*Aug 14 09:21:33.880: crypto_engine: no crypto engines available
*Aug 14 09:21:33.880: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] Verification of signed authentication data FAILED
*Aug 14 09:21:33.880: CRYPTO_PKI: Application requested to expire the key
*Aug 14 09:21:33.880: CRYPTO_PKI: Expiring peer's cached key with key id 17
*Aug 14 09:21:33.880: IKEv2:(SA ID = 1):Failed to compute or verify a signature
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...