12-01-2023 09:18 PM
Hello,
Cant find the answer anywhere.
I have one ASR 1001 in one location. I have no problem connecting a Fortigate to it and creating a Site to Site VPN.
I have one ASR acting as HUB.
ther ASR 1001 connecting to the same ASR but can't get the tunnel up.
On one of the ASR I got:
"Phase1 SA policy proposal not accepted"
and on the other I get:
:Notify has no hash. Rejected.
Both routers Phase1 match:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
lifetime 28800
Any idea?
Thanks in advance.
12-02-2023 03:45 PM
debug crypto ipsec
debug crypto isakmp
12-03-2023 04:18 AM
On one of the ASR I got:
"Phase1 SA policy proposal not accepted"
Which one is that - the one working with Fortifate or the one you looking to add to exiting VPN ?
The error clearly says Phase1 parameters are not matching.
what is version of Code running on both the ASR ? make sure peer address matching ?
Can you post full related VPN config from both the sides.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide