Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3006
Views
0
Helpful
1
Replies

ipsec policy invalidated proposal with error 256

Behzad Sharifi
Level 1
Level 1

‎05-24-2017 02:18 AM - edited ‎02-21-2020 09:17 PM

Hello

I have a IPsec lan-to-lan tunnel between a Cisco ASA and Cisco ASR1001.

I can see that the Phase 1 is OK:

SDN3-HUB-1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
1XX.XX.XXX.XXX 9X.XXX.XXX.XX QM_IDLE 1118 ACTIVE

IPv6 Crypto ISAKMP SA

SDN3-HUB-1#

But I have problem with Phase 2 and I am getting this massege from my debug output on ASR1001 Router:

May 24 2017 10:51:35.019: ISAKMP-ERROR: (1117):IPSec policy invalidated proposal with error 256

 

I have checked all my Phase 2 config on the ASA and the Router and seems to be right. 
I need to know what does the IPSec policy invalidated proposal with error 256 .

Best regards

5 people had this problem
Labels:
0 Helpful
1 Reply 1

Mohammed al Baqari
Level 11
Level 11

‎05-24-2017 02:25 AM

Hi,

Please share the output of debug cry isa. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents