PIX525 VPN tunnel to Nortel Contivity problems

mscanu
Level 1

I receive the following message when trying to bring up the tunnel. ISAKMP: error, msg not encrypted. I have found no information on the Cisco website. Attached is the complete debug.

2 Replies

mhussein
Level 4

Hello,

The error occurred for a packet from 10.48.32.125 (local) to 10.50.127.253 (remote).

The IPSec SA doesn't identify this as interesting traffic. The IPSec SA established:

local_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),

remote_proxy= 149.x.x.18/255.255.255.255/1/0 (type=1)

That is, only traffic from 0.0.0.0 (local, that is any host) to 149.x.x.18 (remote, one host) will be encrypted by IPSec.

If you need this traffic to be encrypted, the crypto ACL should be modified, e.g., by adding this line:

access-list permit ip 10.48.32.0 255.255.255.0 10.50.127.253 255.255.255.0

And at the same time, the crypto ACL has to be modified on the Nortel side to be a mirror image of the PIX ACL.

HTH,

Mustafa
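
Added example, not part of the reply above or of any Cisco tooling: a small Python check that parses the two proxy lines from the debug output and tests whether a given packet falls inside the negotiated selector, then does the same for the suggested ACL entry and its mirror image. Assumptions: the proxy fields are read as address/mask/protocol/port, the redacted peer 149.x.x.18 is replaced by the constructed documentation address 192.0.2.18, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: each proxy in the PIX debug line is address/mask/protocol/port.
PROXY_RE = re.compile(r"(local|remote)_proxy=\s*([\d.]+)/([\d.]+)/(\d+)/(\d+)")

# Constructed sample: the redacted peer 149.x.x.18 is replaced by the
# documentation address 192.0.2.18 so the line can be parsed.
DEBUG = """
local_proxy= 0.0.0.0/0.0.0.0/1/0 (type=4),
remote_proxy= 192.0.2.18/255.255.255.255/1/0 (type=1)
"""

def net(addr, mask):
    """Build a network from address and dotted mask, ignoring host bits."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_selector(debug_text):
    """Return (local_net, remote_net, protocol) from the proxy lines."""
    found = {side: (net(a, m), int(proto))
             for side, a, m, proto, _port in PROXY_RE.findall(debug_text)}
    (local, lproto), (remote, rproto) = found["local"], found["remote"]
    if lproto != rproto:
        raise ValueError("local and remote proxies name different protocols")
    return local, remote, lproto

def covered(selector, src, dst, proto):
    """True if a src->dst packet falls inside the selector (protocol 0 = any)."""
    local, remote, sel_proto = selector
    return (ipaddress.ip_address(src) in local
            and ipaddress.ip_address(dst) in remote
            and sel_proto in (0, proto))

def mirror(selector):
    """Selector the remote peer must hold: same pair with the ends swapped."""
    local, remote, proto = selector
    return remote, local, proto

if __name__ == "__main__":
    sa = parse_selector(DEBUG)
    print("SA covers 10.48.32.125 -> 10.50.127.253:",
          covered(sa, "10.48.32.125", "10.50.127.253", 1))
    # The entry suggested in the reply, with protocol "ip" (any).
    proposed = (net("10.48.32.0", "255.255.255.0"),
                net("10.50.127.253", "255.255.255.0"), 0)
    print("proposed entry covers it:",
          covered(proposed, "10.48.32.125", "10.50.127.253", 1))
    print("mirrored entry covers the return packet:",
          covered(mirror(proposed), "10.50.127.253", "10.48.32.125", 1))
```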

mscanu
Level 1

I have other tunnels and the peer address is not in the access-list and they work fine.