Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
277
Views
0
Helpful
2
Replies

Cisco ASR 1001 to ASR 1001

josebash
Level 1
Level 1

‎12-01-2023 09:18 PM

Hello,

Cant find the answer anywhere.

 

I have one ASR 1001 in one location. I have no problem connecting a Fortigate to it and creating a Site to Site VPN.

I have one ASR acting as HUB.

ther ASR 1001 connecting to the same ASR but can't get the tunnel up.

On one of the ASR I got: 
     "Phase1 SA policy proposal not accepted"

and on the other I get:
    :Notify has no hash. Rejected.

Both routers Phase1 match:

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
lifetime 28800




Any idea?

 

Thanks in advance.

 

 

 

 

 

Labels:
0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎12-02-2023 03:45 PM

  • debug crypto ipsec

  • debug crypto isakmp

  •  
  • Share output of above
  • MHM
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-03-2023 04:18 AM 

On one of the ASR I got: 
     "Phase1 SA policy proposal not accepted"

Which one is that - the one working with Fortifate or the one you looking to add to exiting VPN ?

The error clearly says Phase1 parameters are not matching.

what is version of Code running on both the ASR ? make sure peer address matching  ?

Can you post full related VPN config from both the sides.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents