06-27-2003 08:34 PM - edited 03-02-2019 08:29 AM
the debug below says the pre-shared keys don't match. i believe they do. my group is vpnuser and key is cisco123 on the vpn client and on the router they are also the same. suggestions?
2d09h: ISAKMP (0:9): Checking ISAKMP transform 8 against priority 100 policy
2d09h: ISAKMP: encryption AES-CBC
2d09h: ISAKMP: hash MD5
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth pre-share
2d09h: ISAKMP: life type in seconds
2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
2d09h: ISAKMP: keylength of 128
2d09h: ISAKMP (0:9): Encryption algorithm offered does not match policy!
2d09h: ISAKMP (0:9): atts are not acceptable. Next payload is 3
2d09h: ISAKMP (0:9): Checking ISAKMP transform 9 against priority 100 policy
2d09h: ISAKMP: encryption 3DES-CBC
2d09h: ISAKMP: hash SHA
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth XAUTHInitPreShared
2d09h: ISAKMP: life type in seconds
2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
2d09h: ISAKMP (0:9): Hash algorithm offered does not match policy!
2d09h: ISAKMP (0:9): atts are not acceptable. Next payload is 3
2d09h: ISAKMP (0:9): Checking ISAKMP transform 10 against priority 100 policy
2d09h: ISAKMP: encryption 3DES-CBC
2d09h: ISAKMP: hash MD5
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth XAUTHInitPreShared
2d09h: ISAKMP: life type in seconds
2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
2d09h: ISAKMP (0:9): Xauth authentication by pre-shared key offered but does not
match policy!
thanks-mike
06-27-2003 09:16 PM
Can you post your configs at either ends?
06-27-2003 09:21 PM
crypto isakmp policy 100
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnuser
key cisco123
dns 192.168.100.10
wins 192.168.100.11
domain mycorp.corp
pool vpnpool
!
!
crypto ipsec transform-set vpnuser ah-sha-hmac esp-3des
!
!
!
!
crypto dynamic-map vpnuser 75
description Dynamic crypto map for vpn users
set transform-set vpnuser
!
!
crypto map mymap client configuration address respond
crypto map mymap 120 ipsec-isakmp dynamic vpnuser
!
ip local pool vpnpool 192.168.100.50 192.168.100.100
06-29-2003 02:21 PM
.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide