12-16-2012 01:30 PM - edited 02-21-2020 06:33 PM
Hi,
After creating a site-to-site IPsec tunnel with two new Cisco SA 520s, I get the following problem in the log:
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: accept a request to establish IKE-SA: xx.xx.42.68
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: Configuration found for xx.xx.42.68.
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: Initiating new phase 1 negotiation: xx.xx.141.112[500]<=>xx.xx.42.68[500]
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: Beginning Identity Protection mode.
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: [isakmp_ident.c:184]: XXX: NUMNATTVENDORIDS: 3
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: [isakmp_ident.c:188]: XXX: setting vendorid: 4
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: [isakmp_ident.c:188]: XXX: setting vendorid: 8
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: [isakmp_ident.c:188]: XXX: setting vendorid: 9
Sun Dec 16 22:21:28 2012 (GMT +0100): [Cisco] [IKE] ERROR: Invalid SA protocol type: 0
Sun Dec 16 22:21:28 2012 (GMT +0100): [Cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1.
Sun Dec 16 22:21:57 2012 (GMT +0100): [Cisco] [IKE] ERROR: Phase 1 negotiation failed due to time up for 217.208.42.68[500]. 2aa7a1ae5eba2642:0000000000000000
The IPSec tunnel is created with the wizard,
Select VPN Type: Site to Site
Enable Cisco VPN Client: Blank / marked gray
Connection Name and Remote IP Type:
What is the new Connection Name? Testx
What is the pre-shared key? 1234567890
Local WAN Interface: Dedicated Wan
Remote Gateway Type: IP Address
Remote WAN's IP Address / FQDN: Site A - xx.xx.42.68 / Site B - xx.xx.141.112
Local Gateway Type: IP Address
Local WAN's IP Address / FQDN: Site A - xx.xx.42.68 / Site B - xx.xx.141.112
Secure Connection Remote Accessibility
Remote LAN IP Address: Site A - 192.168.93.0 / Site B - 192.168.94.0
Remote LAN Subnet Mask: 255.255.255.0
12-20-2012 08:50 AM
The error:
Invalid SA protocol type: 0
indicates that the ID type is not matching. Since the tunnel is in main mode, you need to check the ID types. You have to use the IP address as the ID type.
You may check the defaults at:
To view the basic setting defaults that are configured by the Wizard, click VPN on the menu bar, and then click IPsec > Basic Setting Defaults.
Also:
NOTE: If you choose Main Mode, then you must use an IP address as the identifier type for both the Local device and the Remote device.
You may follow the guide as below:
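Added example, not part of either post and not Cisco code: a Python triage over IKE log lines in the format quoted in the question, reporting for each phase 1 timeout whether the peer ever answered and which checks follow. It assumes the trailing hex pair on the timeout line is the ISAKMP initiator:responder cookie pair, so an all-zero second half means this device never recorded a reply from the peer; the sample log, addresses, cookie and function names are constructed.

```python
import re

# Constructed sample in the log format quoted in the question; the
# addresses and cookie are placeholders, not the poster's values.
SAMPLE_LOG = """\
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: Initiating new phase 1 negotiation: 192.0.2.10[500]<=>198.51.100.20[500]
Sun Dec 16 22:20:57 2012 (GMT +0100): [Cisco] [IKE] INFO: Beginning Identity Protection mode.
Sun Dec 16 22:21:28 2012 (GMT +0100): [Cisco] [IKE] ERROR: Invalid SA protocol type: 0
Sun Dec 16 22:21:28 2012 (GMT +0100): [Cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1.
Sun Dec 16 22:21:57 2012 (GMT +0100): [Cisco] [IKE] ERROR: Phase 1 negotiation failed due to time up for 198.51.100.20[500]. 1122334455667788:0000000000000000
"""

LINE = re.compile(r"\[IKE\] (?P<level>[A-Z]+): (?P<msg>.*)$")
START = re.compile(r"Initiating new phase 1 negotiation: \S+?\[\d+\]<=>(\S+?)\[\d+\]")
P1_TIMEOUT = re.compile(r"Phase 1 negotiation failed due to time up for (\S+?)\[\d+\]\. "
                        r"([0-9a-f]{16}):([0-9a-f]{16})")
ZERO = "0" * 16  # responder cookie before any reply from the peer (assumption)

def triage(log_text):
    """Return one finding per phase 1 timeout, with the context logged before it."""
    attempts, current, findings = {}, None, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an IKE log line
        msg = m["msg"]
        if (s := START.search(msg)):
            # Lines that follow do not name the peer; attribute them to this attempt.
            current = attempts[s[1]] = {"mode": "unknown", "phase2_blocked": 0, "errors": []}
        elif current and "Identity Protection mode" in msg:
            current["mode"] = "main"  # Identity Protection is IKEv1 main mode
        elif current and "waiting for phase1" in msg:
            current["phase2_blocked"] += 1  # phase 2 cannot start without phase 1
        elif (t := P1_TIMEOUT.search(msg)):
            ctx = attempts.get(t[1]) or {"mode": "unknown", "phase2_blocked": 0, "errors": []}
            checks = []
            if t[3] == ZERO:
                checks.append("no reply recorded from peer: verify remote gateway "
                              "address and UDP 500 reachability")
            if ctx["mode"] == "main":
                checks.append("main mode: identifier type must be IP address on both devices")
            findings.append({"peer": t[1], "peer_replied": t[3] != ZERO, "checks": checks, **ctx})
        elif current and m["level"] == "ERROR":
            current["errors"].append(msg)  # keep other errors, e.g. the SA protocol type one
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
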