IKEv2 Authentication Error Tidbit

So I recently went down a rabbit hole the other day trying to figure out why I could not use my IOS PKI Certificate Authority (CA) in another FlexVPN scenario acting as the hub. As I attempted to bring up a FlexVPN session I continued to debug ikev2 packets (debug crypto ikev2 packet) and kept seeing this error:


Payload contents:

NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8

Security protocol id: Unknown - 0, spi size: 0, type: AUTHENTICATION_FAILED


Long story short, I was actually trying to use the CA trustpoint within my IKEv2 profile configuration that is used for signing certificates.


The fix is that you must configure a separate trustpoint to then have the CA enroll with itself, and that trustpoint must be configured within your IKEv2 profile. At this point the CA now has an identity certificate it can use in IKEv2 Authentication. As soon as this was done I was able to move forward. Hopefully this helps you, Cheers!

0 comments

Recent Posts

See All

Email Security - S/MIME Tidbit

So it has definitely been a minute since I produced a tidbit. Lately I have been investing personal time into email security. The topics that I have covered thus far are in no particular order, but

November 21 Update Tidbit

Sharing some quick personal news as well as an update with where my head is currently at. I recently invested most of my time with VPNs the last couple of months. So I finally decided to take a stab

Personal Tidbit - Oct 2021

Sharing some exciting news. I recently participated in a Cisco Championship Content competition, & actually claimed first place! Pretty excited to receive the news since I frequently spend time on Ci