04-03-2004 11:46 PM
Hi,
I am trying to configure a site-to-site VPN between a VPN Concentrator and a Cisco 2600 router. I configured the following parameters on the concentrator.
VPN Gateway IP address: x.x.x.x
VPN Parameters:
Authentication: ESP/MD5/HMAC-128
Encryption: 3DES-168
IKE Proposal: IKE-3DES-MD5-DH2
IPSec Parameters:
Encapsulation Mode: Tunnel
Life Time Measurement: Time
Time Life Time: 28800
IKE Proposal
Negotiation Mode: Main
Now I configured the following configuration on the 2600 router.
crypto isakmp policy 110
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key xxxx address x.x.x.x
!
!
crypto ipsec transform-set mine esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
 set peer 10.200.1.5
 set transform-set mine
 match address 102
interface FastEthernet0/0
 description Link to MTC
 ip address 172.16.10.2 255.255.255.255
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.146 255.255.255.0
 duplex auto
 speed auto
 crypto map mymap
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.10.1
access-list 102 permit ip host 10.200.1.5 host 172.16.10.2
access-list 102 permit tcp host 192.168.200.11 host 192.168.0.145 eq www
access-list 102 permit tcp host 192.168.0.145 host 192.168.200.11 eq www
access-list 102 permit ip host 172.16.10.2 host 10.200.1.5
Now, I checked, but the tunnel is not able to initialize. I started the debug and found that it's not passing the Main mode.
The debug is as follows:
06:20:07: ISAKMP (0:2): beginning Quick Mode exchange, M-ID of -965948346
06:20:07: ISAKMP (0:2): sending packet to 10.200.1.5 (I) QM_IDLE
06:20:08: ISAKMP (0:2): received packet from 10.200.1.5 (I) QM_IDLE
06:20:08: ISAKMP (0:2): processing HASH payload. message ID = -1315122878
06:20:08: ISAKMP:received payload type 15
06:20:08: ISAKMP (0:2): processing DELETE_WITH_REASON payload, message ID = -1315122878, reason: Unknown delete reason!
06:20:08: ISAKMP (0:2): peer does not do paranoid keepalives.
06:20:08: ISAKMP (0:2): deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 10.200.1.5) input queue 0
06:20:08: ISAKMP (0:2): deleting node -965948346 error FALSE reason "P1 delete notify (in)"
06:20:08: ISAKMP (0:2): deleting node -1315122878 error FALSE reason "P1 delete notify (in)"
06:20:28: ISAKMP (0:1): purging node 567915527
06:20:28: ISAKMP (0:1): purging node 1955492785
What could be the problem?
Best regards,
banno
04-08-2004 12:31 PM
Mismatch of IKE phase II attributes (check your IPsec transform set). Also, check that the network list matches the exact networks defined in the access-list on the router, and check the logs of the concentrator.
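The debug output in the question can be triaged mechanically to see which phase failed. The following is an added example, not code from either poster: it parses the posted `debug crypto isakmp` lines per SA and reports that the ISAKMP SA had reached QM_IDLE (phase 1 established) before the peer deleted it during Quick Mode, which is where the reply points. The function name `diagnose` and the verdict strings are assumptions made for this illustration.

```python
import re

# Debug output copied from the question above (router is the initiator, "(I)").
DEBUG = """\
06:20:07: ISAKMP (0:2): beginning Quick Mode exchange, M-ID of -965948346
06:20:07: ISAKMP (0:2): sending packet to 10.200.1.5 (I) QM_IDLE
06:20:08: ISAKMP (0:2): received packet from 10.200.1.5 (I) QM_IDLE
06:20:08: ISAKMP (0:2): processing HASH payload. message ID = -1315122878
06:20:08: ISAKMP:received payload type 15
06:20:08: ISAKMP (0:2): processing DELETE_WITH_REASON payload, message ID = -1315122878, reason: Unknown delete reason!
06:20:08: ISAKMP (0:2): deleting SA reason "P1 delete notify (in)" state (I) QM_IDLE (peer 10.200.1.5) input queue 0
06:20:28: ISAKMP (0:1): purging node 567915527
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d: ISAKMP\s*(?:\((?P<sa>\d+:\d+)\))?:\s*(?P<msg>.*)$")
STATE = re.compile(r"\((?P<role>[IR])\)\s+(?P<state>[A-Z_0-9]+)")
QM_START = re.compile(r"beginning Quick Mode exchange, M-ID of (-?\d+)")
PEER_DELETE = re.compile(r'deleting SA reason "P1 delete notify \(in\)"')


def diagnose(debug_text):
    """Return one summary dict per ISAKMP SA seen in the debug excerpt."""
    sas = {}
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group("sa"):
            continue  # lines without an SA id (e.g. "ISAKMP:received ...") carry no state
        sa = sas.setdefault(m.group("sa"), {"states": set(), "qm_ids": [], "peer_delete": False})
        msg = m.group("msg")
        if (s := STATE.search(msg)):
            sa["states"].add(s.group("state"))
        if (q := QM_START.search(msg)):
            sa["qm_ids"].append(int(q.group(1)))
        if PEER_DELETE.search(msg):
            sa["peer_delete"] = True
    for sa in sas.values():
        phase1_up = "QM_IDLE" in sa["states"]  # QM_IDLE: ISAKMP (phase 1) SA is established
        if phase1_up and sa["qm_ids"] and sa["peer_delete"]:
            sa["verdict"] = "phase1 up; peer deleted SA during Quick Mode (check phase 2 settings)"
        elif phase1_up:
            sa["verdict"] = "phase1 up; no failure seen"
        else:
            sa["verdict"] = "no phase 1 state seen in this excerpt"
    return sas


if __name__ == "__main__":
    for sa_id, info in diagnose(DEBUG).items():
        print(sa_id, "->", info["verdict"])
```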