ASR1002F - hardware crypto engine disabled

Problemy z zakresu security (VPN, firewall, IDS/IPS itp.)

Moderatorzy: mikrobi, aron, garfield, gangrena, Seba, Wojtachinho

Wiadomość
Autor
koziol
member
member
Posty: 31
Rejestracja: 14 mar 2013, 18:02

ASR1002F - hardware crypto engine disabled

#1

#1 Post autor: koziol » 06 wrz 2018, 12:20

Hejka,

mam odgrzebanego ASRa 1002F z zamiarem zestawienia kilku tuneli S2S.
Podczas konfiguracji tuneli dostaję:

Kod: Zaznacz cały

hardware crypto engine disabled
i leci

Kod: Zaznacz cały

%Software-forced reload
co ciekawe:

Kod: Zaznacz cały

asr_vpn#sh platform
Chassis type: ASR1002-F

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
0         ASR1002-SIP10-F     ok                    00:24:10
 0/0      4XGE-BUILT-IN       ok                    00:20:29
 0/1      SPA-2XOC3-POS       ok                    00:20:29
R0        ASR1002-RP1         ok, active            00:24:10
F0        ASR1002-ESP-F       ok, active            00:24:10
P0        ASR1002-PWR-AC      ok                    00:23:13
P1        ASR1002-PWR-AC      ok                    00:23:12

Slot      CPLD Version        Firmware Version
--------- ------------------- ---------------------------------------
0         07120202            12.2(33r)XNC
R0        08011017            12.2(33r)XNC
F0        07091401            12.2(33r)XNC
ale juz:

Kod: Zaznacz cały

asr_vpn#sh crypto eli
Hardware Encryption : INACTIVE
 Number of hardware crypto engines = 1

 CryptoEngine IOSXE-ESP(14) details: state = Initializing[/b]
 Capability    : DES, 3DES, AES, RSA, IPv6, GDOI, FAILCLOSE

 IPSec-Session :     0 active, 32766 max, 0 failed
hw-module slot F0 restart nie pomaga, za to hw-module slot F0 stop a pozniej hw-module slot F0 start:

Kod: Zaznacz cały

asr_vpn#hw-module slot F0 start
asr_vpn#sh platform
Chassis type: ASR1002-F
[...]
F0        ASR1002-ESP-F       booting               00:27:07
[...]

po chwili
F0        ASR1002-ESP-F       init, active          00:28:47

az wreszcie:
F0        ASR1002-ESP-F       ok, active            00:28:59
F0        07091401            12.2(33r)XNC
problem w tym, ze

Kod: Zaznacz cały

asr_vpn#sh crypto eli
Hardware Encryption : INACTIVE
 Number of hardware crypto engines = 1

 CryptoEngine IOSXE-ESP(14) details: state = Initializing
 Capability    : DES, 3DES, AES, RSA, IPv6, GDOI, FAILCLOSE

Kod: Zaznacz cały

System image file is "bootflash:/asr1000rp1-advipservicesk9.03.10.02.S.153-3.S2-ext.b"
cisco ASR1002-F (2RU) processor with 1669939K/6147K bytes of memory.
Processor board ID FOX1415GMCC
4 Gigabit Ethernet interfaces
2 Packet over SONET interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7798783K bytes of eUSB flash at bootflash:.
Spotkaliście się z problemem? moduł do kosza?

ODPOWIEDZ