
CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED - ?

SludnevTN_2
Level 1

What does it mean? I saw an explanation such as:

Error Message

I have this error:

%CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED : IKE default policy was matched and is being used.

Explanation The default policy is being used because the local configured policies did not match with the peer's policies.

Recommended Action Unavailable.

____________________________________

But what should I do?

Here is my config:

R1:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 1800
!
crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key ts address xxx.175.97.74
crypto isakmp key ts-licon address xxx.234.213.46
crypto isakmp key tS-irkTS address xxx.241.208.10
!
crypto ipsec security-association lifetime seconds 1200
!
crypto ipsec transform-set km4set esp-3des esp-sha-hmac
crypto ipsec transform-set liconset ah-sha-hmac esp-aes
crypto ipsec transform-set irktsset ah-md5-hmac esp-aes
!
crypto ipsec profile IRKTS
 set security-association lifetime seconds 3600
 set transform-set irktsset
!
crypto ipsec profile KM4
 set security-association lifetime seconds 3600
 set transform-set km4set
!
crypto ipsec profile LICON
 set security-association lifetime seconds 3600
 set transform-set liconset
!
interface Tunnel26
 bandwidth 2000
 ip address 192.168.251.2 255.255.255.252
 qos pre-classify
 tunnel source XXX.XXX.133.13
 tunnel destination XXX.XXX.208.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IRKTS

R2:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 1800
crypto isakmp key tS-irkTS address XXX.XXX.113.13
!
crypto ipsec security-association lifetime seconds 1200
!
crypto ipsec transform-set irktsset ah-md5-hmac esp-aes
!
crypto ipsec profile IRKTS
 set security-association lifetime seconds 3600
 set transform-set irktsset
!
interface Tunnel26
 bandwidth 2000
 ip address 192.168.251.1 255.255.255.252
 qos pre-classify
 tunnel source XXX.XXX.208.10
 tunnel destination XXX.XXX.133.13
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IRKTS

Please help. Thank you.

3 Replies

I think this is a simple IKE notification message.

yahsiel2004
Level 7

Did you ever figure this out?

HTH

Regards,

Yosh


robert.vizitiu1
Level 1

Hi,

The message means the 2 policies for negotiating IKE Phase 1 don't match.

You should also configure the following policy on R2:

crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
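
An added example, not part of any post in this thread: a Python sketch that parses the "crypto isakmp policy" blocks of the two configs in the question and lists which policies agree on encryption, hash, authentication and DH group. The function names and the values assumed for unset attributes are assumptions of this example, not output from the routers.

```python
import re

# Assumed IOS values for unset attributes; confirm with "show crypto isakmp policy".
ASSUMED_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
                    "group": "1", "lifetime": "86400"}
# Lifetime is left out: it does not have to be identical on both peers.
MATCH_KEYS = ("encr", "hash", "authentication", "group")
# Policy sections copied from the R1 and R2 configs in the question.
R1_CONFIG = """crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 1800
!
crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
!"""
R2_CONFIG = """crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 1800
crypto ipsec security-association lifetime seconds 1200"""

def parse_isakmp_policies(config):
    """Return {priority: attributes} for each 'crypto isakmp policy N' block."""
    policies, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        header = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        key, _, value = line.partition(" ")
        if header:
            current = policies.setdefault(int(header.group(1)), dict(ASSUMED_DEFAULTS))
        elif current is not None and key in ASSUMED_DEFAULTS:
            current[key] = value
        elif line:
            current = None  # any other command ends the policy block
    return policies

def compare(local, remote):
    """Return (matching (local, remote) priority pairs, unmatched local priorities)."""
    pairs = [(lp, rp) for lp, la in sorted(local.items())
             for rp, ra in sorted(remote.items())
             if all(la[k] == ra[k] for k in MATCH_KEYS)]
    return pairs, [lp for lp in sorted(local) if lp not in {p for p, _ in pairs}]

if __name__ == "__main__":
    print(compare(parse_isakmp_policies(R1_CONFIG), parse_isakmp_policies(R2_CONFIG)))
```

For the two configs above, compare() returns ([(1, 1)], [2]): policy 1 is common to both routers, and R1's policy 2 has no counterpart on R2.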