08-10-2023 02:23 AM
Hi.
I'm reaching out because I'm having trouble setting up tunneling.
If I am doing GRE over IPsec between Cisco 2911 <-> Cisco 2911, there is no problem.
There is no problem with IPsec between Cisco 2911 <-> ASA5520.
However, when I try to tunnel between Cisco 2911 <-> Cisco 8200 and ASA5520 <-> Cisco 8200 with the same settings, the tunneling fails and I get the following log.
112.175.X.X : ASA5520
123.140.x.x : c2911
221.156.x.x : c8200
- LOG
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from 112.175.x.x was not encrypted and it should've been.
- LOG
%CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL: Cisco PSB security compliance violation is detected. Use of MD5 by Crypto IKMP is denied
08-10-2023 05:37 AM
- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb76866
M.
08-10-2023 05:02 PM
Hi marce1000
I understand that some routers do not support MD5, as you mentioned.
When connecting C2911 and C8200 with IPsec, it does not work even if you apply AES/SHA, 3DES/SHA512, or AES256/SHA256.
However, it works with the same settings between C2911 and C2911.
08-15-2023 05:19 PM
Thank you for your support.
I solved the problem by not using the DES algorithm and not encrypting the key exchange.
Thank you