01-09-2014 02:47 PM
First, let me say I am VERY new to Cisco firewalls. I am not really very well versed with IPSec tunnels either so I apologize if I sound like a boob. I sure could use some help here - Cisco TAC has done all they can and my counterpart is far from cooperative.
Now for my issue:
I am configuring an ASA-5515-X to talk with a Juniper firewall (sorry, I do not know the model). I have been through the configuration tons of times and I cannot find an issue. Here is the output from the Juniper set up:
Part I – IKE Phase1
show security ike
proposal ecfo-ike-p1-prop {
authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-256-cbc;
}
policy ecfo-pri-ike-p1-policy {
mode main;
proposals ike-phase1-proposal;
pre-shared-key ascii-text "$9$2.4ZjHkPz39kqPQFnu0"; ## SECRET-DATA
}
gateway ecfo-gw-1 {
ike-policy new-pri-ike-p1-policy;
address xx.xx.xx.xx;
dead-peer-detection;
no-nat-traversal;
local-identity inet 10.96.66.252;
remote-identity inet xx.xx.xx.xx;
external-interface vlan.436;
general-ikeid;
inactive: version v2-only;
}
I swear I have my router set up the same, but I must not. I keep getting "No Proposal Chosen" errors. In looking at the log I get
Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2 |
Could someone please tell me what I am doing wrong?
I would be happy to post my configuration - sadly I am not well versed in the CLI nor do I know exactly what you would want. Here is what I think is relevant:
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
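As an added example (not part of the original post, and not Cisco or Juniper code), this Python check cross-checks the quoted Junos output against the ASA log line: it lists `proposals` / `ike-policy` references that point at names no quoted stanza defines, and tests whether the DH group the ASA received is one the quoted proposal would offer. The sample text is constructed from the post (abridged, pre-shared key omitted), and the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the Junos output and ASA log line quoted in the post.
JUNOS = """
proposal ecfo-ike-p1-prop {
    authentication-method pre-shared-keys;
    dh-group group2;
    authentication-algorithm sha1;
    encryption-algorithm aes-256-cbc;
}
policy ecfo-pri-ike-p1-policy {
    proposals ike-phase1-proposal;
}
gateway ecfo-gw-1 {
    ike-policy new-pri-ike-p1-policy;
}
"""
LOG = "Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2"
# Stanza kind -> (statement that names another stanza, kind of stanza it must name).
REFS = {"policy": ("proposals", "proposal"), "gateway": ("ike-policy", "policy")}

def junos_stanzas(text):
    """{(kind, name): {statement: value}} for each 'kind name { ... }' stanza."""
    return {(kind, name): dict(re.findall(r"^\s*([\w-]+) (\S+);", body, re.M))
            for kind, name, body in re.findall(r"(\w+) (\S+) \{(.*?)\}", text, re.S)}

def dangling_refs(stanzas):
    """References from a policy or gateway to a name that no shown stanza defines."""
    out = []
    for (kind, name), body in stanzas.items():
        key, target = REFS.get(kind, (None, None))
        if key in body and (target, body[key]) not in stanzas:
            out.append((kind, name, body[key]))
    return out

def log_groups(line):
    """(received, configured) DH group numbers from the ASA Phase 1 failure message."""
    m = re.search(r"Rcv'd: Group (\d+)\s+Cfg'd: Group (\d+)", line)
    return int(m.group(1)), int(m.group(2))

def shown_dh_groups(stanzas):
    """{proposal name: DH group number} for every proposal stanza shown."""
    return {name: int(re.sub(r"\D", "", body["dh-group"]))
            for (kind, name), body in stanzas.items() if kind == "proposal" and "dh-group" in body}

def peer_sent_shown_proposal(stanzas, line):
    """True if the DH group the ASA received is one a shown proposal would offer."""
    received, _configured = log_groups(line)
    return received in shown_dh_groups(stanzas).values()
```

A dangling name or a `False` result means the stanzas shown are not necessarily the ones the gateway negotiates with, so the proposal actually bound to the gateway is the one to compare against the ASA policies. Names edited before posting would also show up as dangling.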
03-09-2014 01:01 PM
Have you committed on Juniper?
03-09-2014 02:03 PM