Beginning Nov 15, 2021, the Networking Forum discussion boards moved to the Aruba Airheads community

Click here to learn more

HPE Community

Security e-Series

1754098 Members

234 Online

108811 Solutions

New Discussion

MSR3064

I have an advpn configuration that's working great however when I apply

interface Tunnel 0 mode advpn udp

tunnel protection ipsec profile ipsecprofile1

I repeatedly get the debugging message

The SA doesn't exist in kernel.

If I apply an ike profile the ipsec tunnel works beautiful and I can even switch the config and the error message goes away until I reboot, apply the ike profile and then switch to the ikev2...

dis ikev2 sa; no matter which profile I apply is always empty. "dis ike sa" does return proper results.

any hints?

Here's my ipsec/ikev2 config example....

ipsec profile ipsecprofile1 isakmp
transform-set ipsectran1
ike-profile ikeprofile1

ipsec transform-set ipsectran1
esp encryption-algorithm aes-cbc-256
esp authentication-algorithm sha512

ikev2 profile ikeprofile1
authentication-method local pre-share
keychain keychain1

ikev2 keychain keychain1
peer ikePEER
address 0.0.0.0 0.0.0.0
pre-shared-key <redacted>

ikev2 proposal ikev2proposal
encryption aes-cbc-256
integrity sha512
dh group20

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

MSR3064

MSR3064