Hi,

Please help me: how can I set this up correctly with these 2 machines?

Problems:

Group = DefaultRAGroup, IP = xx.xx.xx.xxx, Error: Unable to remove PeerTblEntry
Group = DefaultRAGroup, IP = xx.xx.xx.xxx, Removing peer from peer table failed, no match!
Group = DefaultRAGroup, IP = xx.xx.xx.xxx, IKE AM Responder FSM error history (struct &0x3322c70) <state>, <event>: AM_DONE, EV_ERROR-->AM_SND_MSG2, EV_SND_MSG-->AM_SND_MSG2, EV_START_TMR-->AM_BLD_MSG2, EV_BLD_MSG2_TRL-->AM_BLD_MSG2, EV_SKEYID_OK-->AM_BLD_MSG2, NullEvent-->AM_BLD_MSG2, EV_GEN_SKEYID-->AM_BLD_MSG2, EV_BLD_MSG2_HDR
IP = xx.xx.xx.xxx, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name 'xx.xx.xx.xxx'.

Configurations:

Pix (Static):

NAT Rules:
(inside) 2 Exempt 10.0.0.0/24 to 10.0.1.0/24 Interface Outbound
(inside) 9 Dynamic any Interface Outside

ACL Manager:
outside_crypto_map_1 1 any to any Service: ip enable
inside_nat0_outbound 10.0.0.0/24 to 10.0.1.0/24

Site-to-Site Group Policies:
GroupPolicyIPsec internal IPSEC, no AAA Server Group

Tunnel Groups:
DefaultL2LGroup IPsec Protocol GroupPolicyIPsec with Pre-Shared Key (same on the 2 machines) - IKE Peer ID Validation: Do not check (Monitor Keep alives)

Crypto Maps:
Interface outside - dynamic 1.1 any to any Service:ip - protected - ESP-DES-MD5 - PFS:group1 - NAT-T: enabled
SA Lifetime 08:00:00 or 4608000 KB (Perfect Forward Secrecy D-H Group 1)
and Default dynamic 65535.65535 for every Transform-Set

IKE Policies:
10 - 3des - sha - D-H Group 2 - pre-share – 86400
9 - 3des - md5 - D-H Group 2 - pre-share - 28800

Certificate to Connection Profile Maps Policy:
Use the IKE identity to determine the group
Default to group: DefaultL2LGroup

RV082 (Dynamic):

Wan 1 PPPoE
Keep Alive interval 30 sec
Redial Period 30 sec

Gateway-to-Gateway:
Tunnel N°1 DefaultL2LGroup - Interface WAN1 - Local IP Only - Dynamic - (IP range 10.0.1.0 to 254) - Remote IP Only - IP address xx.xx.xx.xxx - (IP range 10.0.0.0 to 254)

IPsec Setup:
IKE with Preshared key
Phase 1: DH Group2 - 3DES - MD5 - LifeTime 28800
Perfect Forward Secrecy checked
Phase 2: DH Group1 - DES - MD5 - LifeTime 28800
Preshared Key: as Pix

Have I forgotten or missed something? On the Pix, connections are set up with Remote Access VPN (Split Tunnel).

Thank you in advance for all your help.

All The Best
Joel
Hi,

Here is the state of our network now:

We have a Client-to-Site configuration between a Pix Firewall 515e with a static IP and VPN Client V5.0. There's a DMZ for a webserver and access to our network on the other interface for our co-workers. The pool contains 10 addresses, 192.168.0.200 to 192.168.0.210 (small infrastructure). The firewall contains some port routing for RDP clients, SMTP, the VPN pool and Internet traffic. There are 2 IPsec profiles, one for the users and the other for the management. The management profile is configured in split tunnel mode. The IKE policy is dynamic with 3DES, sha, D-H Group 2 and pre-share.

We are trying to add a Site-to-Site configuration on our Pix 515e, with an RV082 with a dynamic IP on the other side. We would like to set up something like a transparent bridge over the Internet (part of the IP addresses at one site and the rest at the other site). All addresses are set manually.

The configuration of the RV082 is really easy with Gateway-to-Gateway:

WAN1 with DHCP
Local Security: IP Only and IP Range 192.168.0.166 to 192.168.0.254 (the internal address from the router)
Remote Security: IP Only and IP Range 192.168.0.0 to 192.168.0.149
The future pool on the Pix Firewall will be 150 to 165
IKE pre-shared key, Phase 1 and 2 are equal with the configuration (DES, MD5 Group1)

A few days ago, we tried to change the parameters of the Pix to fit the new router's configuration (new pool, new IKE policies, new IPsec connection profile), and when we applied them there was a big problem with an error message:

IKE initiator unable to find policy: Intf inside, Src: xx.xxx.xx.xxx, Dst: xxx.xx.x.xxx

But worst of all, everyone lost Internet access and the different VPN connections were lost. We had saved the configuration (cfg file) beforehand, and in panic mode we tried to restore it......... Another problem: the configuration restore option looks for a zip file (ADSM 6.1).

By chance, we rebooted the Cisco Pix Firewall; the information wasn't saved to the flash!

Can someone explain this problem with Backup and Restore on ADSM to me, because I don't understand it. And, even better, what is the solution for this IKE pre-shared key error?

Thank you in advance for your help.

Wish you a great day.