Cisco 1750 VPN and W2k IPSec config problem

robert.berger
Level 1

Need advice from you.

We have Cisco 1750 IP/FW IPSEC 3DES

We have 2 fixed tunnels with other IOS boxes

We have Secure Client VPN 1.1 with NT4

Everything works well.

But now I need to configure W2K with the integrated IPSec using MMC and so on.

I have been trying for two days to connect them.

ISAKMP with DES MD5 OK (QM IDLE)

Then:

(key eng. msg.) dest= a.a.a.a, src= b.b.b.b,
    dest_proxy= a.a.a.a/255.255.255.255/0/0 (type=1),
    src_proxy= b.b.b.b/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-des esp-md5-hmac ,
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
IPSEC(validate_transform_proposal): proxy identities not supported

Here I am at the end of my wits and of my time to try .....

Priority was changed to before and after the other tunnels, no change.

Hope somebody can help me,

Robert

P.S.: My additional config for the IOS

!
crypto isakmp policy 2
 encryption des
 hash md5
 authentication pre-share
 group 1
 lifetime 300
 exit
!
crypto isakmp key xyz1234 address 0.0.0.0
!
crypto ipsec transform-set vpn-transform esp-des esp-md5-hmac
 mode transport
 exit
!
crypto dynamic-map vpn-dynamic 2
 set transform-set vpn-transform
 match address 107
 set security-association lifetime seconds 300
 exit
!
ip local pool vpn-dial-pool c.c.c.c d.d.d.d
crypto isakmp client configuration address-pool local vpn-dial-pool
!
crypto map cm-cryptomap client configuration address initiate
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 2 ipsec-isakmp dynamic vpn-dynamic
!
no access-list 107
access-list 107 permit ip host myHOST host remote Laptop


ciscomoderator
Community Manager

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.