unable to allocate ike sa

Cat 6500 with IPSec VPN module. VTI is configured, but debugs show that it is unable to allocate IKE SA.

Have changed the key, removed the keyring and just used a global type isakmp key. No change.

crypto engine mode vrf
crypto keyring key1
 pre-shared-key address 1.1.1.1 key <key>
crypto isakmp policy 1
 encr aes
 hash sha
 authentication pre-share
crypto isakmp profile isa_prof
 keyring key1
 match identity address 1.1.1.1 255.255.255.255
crypto ipsec transform-set proposal esp-aes esp-sha-hmac
crypto ipsec profile vpnprof
 set transform-set proposal
 set isakmp-profile isa_prof
int Tunnel0
 ip vrf forwarding inside
 ip addr 10.10.10.0 255.255.255.254
 ip summary-address 3 10.0.0.0 255.0.0.0 255
 tunnel source Loopback1
 tunnel destination 1.1.1.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpnprof
 crypto engine slot 3/0 inside
int Loopback1
 ip addr 2.2.2.2 255.255.255.255
 crypto engine slot 3/0 outside


Re: unable to allocate ike sa

Do you have IOS version of 12.2.18SXF? If not then I'd give that a try.