Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
465
Views
0
Helpful
1
Replies

site to site on PIX with PAT

rpaolet
Level 1
Level 1

‎06-08-2004 02:43 AM

Hello,

i've made a VPN site-to-site between PIXs and i use the pat for my network.

i use the ACL for traffic encapsulation and the peer goes up but it doesn't work:

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match MINE hash

hash received: e1 2b 8b f0 de 15 18 a5 18 3b 1 7d 16 1d c3 22 a6 8 68 2b

my nat hash : 7d 44 e6 f7 66 19 dd d5 ec 9e 9d 4f 1b 11 a9 8d 35 fb 33 d0

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match HIS hash

hash received: 6b a2 2f 40 6b d1 51 59 76 1c 7 4a f4 db 87 b8 79 cc cb ca

his nat hash : 9 c8 d3 d3 58 44 27 d0 ba a2 ba 6f 15 1d d9 f6 9c 1c a8 39

ISAKMP (0:0): constructed HIS NAT-D

ISAKMP (0:0): constructed MINE NAT-D

return status is IKMP_NO_ERROR

I ping the end host and i see the echo-request and echo-reply from end host , but the host starts ping doesn't recieve the echo-reply.

Can anyone help me??

Regards

Roberto

Labels:
0 Helpful
1 Reply 1

umedryk
Level 5
Level 5

‎06-14-2004 07:12 AM

Cisco VPN will not work with Microsoft authentication protocols like MS-CHAP v2, MS-CHAP, CHAP, only works with PAP, FYI.

0 Helpful
Customers Also Viewed These Support Documents