Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
583
Views
0
Helpful
1
Replies

Problems creating a ikv1 ipsec tunnel with a 3945 and a 8300

jason.menningen
Level 1
Level 1

‎03-04-2024 01:14 PM

Hi, I have a some ikev1 ipsec tunnels to remote locations and we are replacing our 3945s with 8300s.  The issue is that we are currently using a ipsec transform-set with both ah and esp.  IOS-XE does not support that.  The goal is to configure the remote router locally, ship it, and then have on-site support physically install and then move the cables over.  The hope was to use the same VPN tunnel configs on the local router and when the new remote router was connected the tunnel would come just come up.  Unfortunately our current tunnel is using a ipsec transform-set of: ah-sha256-hmac esp-aes 256 esp-sha256-hmac.  

Is there anyway to get the tunnel up on my new router while the local retains its current config?

current crypto 3945 configs:
crypto isakmp policy 10
encr aes 256
hash sha256
authentication pre-share
group 14

crypto isakmp key XXXXX address xxx.xxx.xxx.xxx

crypto ipsec transform-set xxxxxx ah-sha256-hmac esp-aes 256 esp-sha256-hmac
mode tunnel

crypto map xxxx 20 20 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set xxxxxx
set pfs group14
match address 123

Labels:
0 Helpful
1 Reply 1

MHM Cisco World
VIP
VIP

‎03-04-2024 01:54 PM

NO way you need to match phaseI and phaseII SA 

MHM

0 Helpful
Customers Also Viewed These Support Documents