>Does that mean we're getting closer to paid AnyConnect?
It's the same AnyConnect licences you already need to use it ... it's just on an honesty basis.
As per that BU, there won't be any license validation on the Dashboard, so as @PhilipDAth already said, it's still the trust based model.
Of course, this could change in the future. 😉
Hello, we have had a problem with the last upgrade to this version (MX 15.43 → MX 16.14).
After the upgrade we had several problems with the traffic between this SPOKE and the HUB. Concretely, the problems were found in Lan2Lan traffic: we didn't have traffic from the LAN of the Spoke to the LAN (servers) in the HUB.
Another problem that we found was with the NBAR application: we don't know why this application recognized the local destination with IP 192.168.1.X as Facebook traffic. We had to delete the Facebook layer 7 rule.
Finally, to resolve the problem, we had to do the rollback. Is it possible that version 16.14 has another bug?
For the time being, we have the automatic updates stopped.
In the MX15.x release notes I can see this:
But I don't see this in 16.14. Does it mean it doesn't validate the remote ID parameter strictly any more?
@jay_b I don't know for sure, but I'd be willing to bet that this has carried forward and is only not noted due to it not being a new feature.
Any idea you could implement a debugging feature for the authentication part of IKE and perhaps more debugging for re-key phases? We can't use packet captures for this because the authentication messages are encrypted so we don't know how the remote IKE ID arrives and how we send the local IKE ID.
Yes, talks have been in the works for a while about this. Trust me, Support wants this as much as anyone, but we also need to make sure it's done right.
Oh god, yes, please!
I suspect this isn't as sexy as writing new features, or mundane as fixing bugs, so is less attractive for the developers to do.