12-29-2004 05:50 PM
I have a 4 site hub and spoke vpn setup. Whenever more than one site established a connection I receive the following error during a debug:
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 24.153.172.114, src= 24.153.252.102,
dest_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),
src_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),
protocol= ESP, transform= esp-des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
IPSEC(validate_transform_proposal): peer address 24.x.x.111 not found
ISAKMP: IPSec policy invalidated proposal
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 3
return status is IKMP_ERR_NO_RETRANS3.254
The address listed is that of the hub pix. It is correct and all spoke devices have this IP in the crypto maps. The hub has all 3 remote sites as well. Each site works fine UNTIL more than one tunnel is established.
Thanks,
Brian
12-29-2004 05:53 PM
I noticed I pasted the wrong info, the correction is:
IPSEC(validate_transform_proposal): peer address 24.153.172.114 not found
Thanks,
Brian
12-29-2004 07:36 PM
Nevermind I figured it out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide