@Kenny_Sallee wrote:
Hey folks - I'll try to keep this short. I have a complex LAB using DMVPN and cert based authentication. I have the cert auth working to 2 DMVPN hubs (they are CSR1000Vs). However, on the 3rd (different tunnel) I can't get it to work. 100% sure the configuration is correct. 100% sure the PKI and certs are correct. However, I'm not getting to QM_IDLE. Debugs are not very helpful, save 'debug crypto engine'. I get this error, which on google search, folks say (and a Cisco troubleshooting doc), says I need a hardware encryption module. Again, I have this working on 2 other CSR1000V's in the SAME LAB. Any pointers? Is there some cap or license issue with CSR1000V and VIRL?
*Dec 4 00:26:29.723: crypto_engine_select_crypto_engine: can't handle any more
*Dec 4 00:26:29.767: crypto_engine: Create DH shared secret
*Dec 4 00:26:29.777: crypto_engine: Create IKE SA
*Dec 4 00:26:29.777: crypto engine: deleting DH phase 2 SW:6
*Dec 4 00:26:29.777: crypto_engine: Delete DH shared secret
*Dec 4 00:27:29.788: crypto engine: deleting IKE SA SW:5
*Dec 4 00:27:29.788: crypto_engine: Delete IKE SA
Posts: 2
Participants: 2
