IPSec Connection Problem

khaled.benhaj
Level 1

Hi,

I'm trying to establish an IPSec connection between a PIX (Version 7.1(2)) and a NetScreen.

When I try to establish the VPN tunnel from the PIX side, it fails and I obtain this message:

Dec 25 17:04:46 [IKEv1]: Error: Unable to remove PeerTblEntry

Dec 25 17:04:51 [IKEv1]: Removing peer from peer table failed, no match!

But when the other person tries to establish the tunnel from the NetScreen side, it succeeds and I obtain this debugging message on my PIX:

CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND

CRYPTO_PKI: status = 0: failed to get extension from cert

Dec 25 16:52:17 [IKEv1]: Group = 10.101.0.2, IP = 10.101.0.2, Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection.

Could you please tell me if the problem is in the PIX configuration?

You will find the configuration in the attachment.

1 Reply

kamal-learn
Level 4

When both peers try to build the tunnel, there is phase one and phase two. During those phases proposals are exchanged; when they find a match, the tunnel can be built. In your case, as mentioned by the message (Mismatch: P1 Authentication algorithm in the crypto map entry different from negotiated algorithm for the L2L connection.), the authentication algorithm is not the same, so work with the administrator of the other peer to use the same authentication!

Remember, the only parameter that can be accepted even if it does not match is the LIFETIME.

Please do rate if it does help.
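The phase 1 matching rule described in the reply above, as an added example that is not part of the original thread or either vendor's code: each offer from the initiator is compared with each policy on the responder, every attribute except the lifetime has to be identical, and a failed negotiation reports which attribute differed. The class, function and attribute names are hypothetical, and the proposal values are constructed for illustration, not taken from the attached configuration.

```python
from dataclasses import dataclass

# Attributes that must be identical on both peers; lifetime is left out on purpose.
MUST_MATCH = ("encryption", "hash_alg", "authentication", "dh_group")


@dataclass(frozen=True)
class Phase1Proposal:
    encryption: str
    hash_alg: str
    authentication: str
    dh_group: int
    lifetime: int  # seconds


def mismatches(offer, policy):
    """Map each must-match attribute that differs to (offered, configured)."""
    return {a: (getattr(offer, a), getattr(policy, a))
            for a in MUST_MATCH if getattr(offer, a) != getattr(policy, a)}


def negotiate(initiator_offers, responder_policies):
    """Return (offer, policy, notes) for the first acceptable pair,
    or (None, None, reasons) when no offer matches any policy."""
    reasons = []
    for i, offer in enumerate(initiator_offers, 1):
        for j, policy in enumerate(responder_policies, 1):
            diff = mismatches(offer, policy)
            if not diff:
                notes = []
                if offer.lifetime != policy.lifetime:
                    notes.append(f"lifetime differs ({offer.lifetime}s vs "
                                 f"{policy.lifetime}s): does not block the match")
                return offer, policy, notes
            detail = ", ".join(f"{a}: {l} != {r}" for a, (l, r) in diff.items())
            reasons.append(f"offer {i} vs policy {j}: {detail}")
    return None, None, reasons


# Constructed sample values (assumptions, not the configuration from the thread).
PIX_BEFORE = [Phase1Proposal("3des", "sha", "rsa-sig", 2, 86400)]
PIX_AFTER = [Phase1Proposal("3des", "sha", "pre-share", 2, 86400)]
NETSCREEN = [Phase1Proposal("3des", "sha", "pre-share", 2, 28800)]

if __name__ == "__main__":
    print(negotiate(PIX_BEFORE, NETSCREEN)[2])  # authentication mismatch
    print(negotiate(PIX_AFTER, NETSCREEN)[2])   # match, lifetime noted only
```
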