cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
499
Views
0
Helpful
2
Replies

Debug help

brianj
Level 1
Level 1

I have a 4 site hub and spoke vpn setup. Whenever more than one site established a connection I receive the following error during a debug:

IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) dest= 24.153.172.114, src= 24.153.252.102,

dest_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),

src_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),

protocol= ESP, transform= esp-des esp-sha-hmac ,

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

IPSEC(validate_transform_proposal): peer address 24.x.x.111 not found

ISAKMP: IPSec policy invalidated proposal

ISAKMP (0): SA not acceptable!

ISAKMP (0): sending NOTIFY message 14 protocol 3

return status is IKMP_ERR_NO_RETRANS3.254

The address listed is that of the hub pix. It is correct and all spoke devices have this IP in the crypto maps. The hub has all 3 remote sites as well. Each site works fine UNTIL more than one tunnel is established.

Thanks,

Brian

2 Replies 2

brianj
Level 1
Level 1

I noticed I pasted the wrong info, the correction is:

IPSEC(validate_transform_proposal): peer address 24.153.172.114 not found

Thanks,

Brian

Nevermind I figured it out.