Hi All,
I have an issue with a Site to site VPN.
Our site is a Cisco 2900 - The remote is a Juniper.
I recieve the following message in the debug during Phase 1 negotiation:
ISAKMP:(0):Checking ISAKMP transform 1 against priority 11 policy
ISAKMP: encryption AES-CBC
ISAKMP: keylength of 256
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
ISAKMP:(0):Preshared authentication offered but does not match policy!
ISAKMP:(0):atts are not acceptable. Next payload is 0
ISAKMP:(0):no offers accepted!
ISAKMP:(0): phase 1 SA policy not acceptable! (local My.IP.ADD.RES remote RE.MO.TE.IP)
ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
ISAKMP:(0): Failed to construct AG informational message.
ISAKMP:(0): sending packet to RE.MO.TE.IP my_port 500 peer_port 500 (R) AG_NO_STATE
I have the following config on my policy:
crypto isakmp policy 11
encr aes 256
authentication pre-share
group 2
lifetime 28800
It looks to match with what is comming in..
Can someone tell me what the "Preshared authentication offered but does not match policy!" message does exactly means?
What can be the main cause of this error message?
Thanks in advance