
With an IKEv2 configuration, if the "ikev2 remote-authentication pre-shared-key" value under the tunnel-group ends with a backslash "\", the tunnel forms and works fine. However, after a reload for any reason, the ASA deletes the whole line.

> Before Reload

    tunnel-group 1.1.1.1 type ipsec-l2l
    tunnel-group 1.1.1.1 ipsec-attributes
     ikev2 remote-authentication pre-shared-key *******
     ikev2 local-authentication pre-shared-key *******

> After Reload

    tunnel-group 1.1.1.1 type ipsec-l2l
    tunnel-group 1.1.1.1 ipsec-attributes
     ikev2 local-authentication pre-shared-key *******
- IKEv2 used
- Remote Pre-Shared-Key (PSK) string which ends with a backslash "\"
- Reload
- Issue seen on ASAv Version 9.20 and FPR-1010 Version 9.18(2) (ASA Code)
+ Modify the PSK and delete the backslash at the end
> Once the reboot is finished, the console log shows the following:

    Reading from flash...
    !!!!!......WARNING: HMAC-SHA1-96 is considered insecure. This option is deprecated and will be removed in a later version.
    *** Output from config line 327, "ssh cipher integrity med..."
    WARNING: DH group 2 is considered insecure. This option is deprecated and will be removed in a later version.
    *** Output from config line 328, "ssh key-exchange group d..."
    WARNING: This command will not take effect until interface 'outside' has been assigned an IPv4 address
    *** Output from config line 334, "ssh X.X.X.X 255.25..."
    [...]
    WARNING: This command will not take effect until interface 'outside' has been assigned an IPv4 address
    *** Output from config line 349, "ssh X.X.X.X 255.25..."
    ikev2 remote-authentication pre-shared-key RdC23.${saef!541.>\
    ERROR: % Invalid input detected at '^' marker.
    *** Output from config line 370, " ikev2 remote-authentica..."
    .
    Cryptochecksum (unchanged): XXXXXXXXXXXXXXXXXXXXXXXXXXXX
    INFO: File /mnt/disk0/.private/dynamic-config.json not opened; errno 2
    INFO: Network Service reload not performed.
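A configuration audit for the condition described above, as an added example that is not part of the original bug record or any Cisco tooling. It flags tunnel-groups whose remote PSK line ends with a backslash (this needs an export in which keys are not masked) and tunnel-groups left with local but no remote IKEv2 authentication, which is the post-reload state shown above. The function name, sample addresses and keys are constructed, and it assumes sub-commands are indented under the "ipsec-attributes" line as in the console output.

```python
import re

# Constructed sample exports (documentation addresses, made-up keys), not from the page.
BEFORE = r"""tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key Example.Key\
 ikev2 local-authentication pre-shared-key Example.Key2
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key Other\Key
 ikev2 local-authentication pre-shared-key Other\Key
"""
AFTER = """tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 ikev2 local-authentication pre-shared-key *****
"""

HEADER = re.compile(r"^tunnel-group\s+(\S+)\s+ipsec-attributes\s*$")
REMOTE = "ikev2 remote-authentication"
LOCAL = "ikev2 local-authentication"

def audit(config):
    """Return (at_risk, missing_remote) as sorted lists of tunnel-group names."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = HEADER.match(line)
        if m:
            current = groups.setdefault(
                m.group(1), {"remote": False, "local": False, "risk": False})
        elif current is not None and raw[:1].isspace():
            cmd = line.strip()
            if cmd.startswith(REMOTE):
                current["remote"] = True
                # PSK ending in a backslash: the line rejected when the config is re-read.
                current["risk"] |= (cmd.startswith(REMOTE + " pre-shared-key ")
                                    and cmd.endswith("\\"))
            elif cmd.startswith(LOCAL):
                current["local"] = True
        else:
            current = None  # unindented line closes the tunnel-group block
    at_risk = sorted(n for n, g in groups.items() if g["risk"])
    missing = sorted(n for n, g in groups.items() if g["local"] and not g["remote"])
    return at_risk, missing

if __name__ == "__main__":
    print("pre-reload :", audit(BEFORE))
    print("post-reload:", audit(AFTER))
```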