12-05-2018 10:50 AM - edited 12-06-2018 10:11 AM
EDIT: Thanks for the help! I fixed the configuration and all has been fixed.
12-05-2018 02:57 PM
12-05-2018 03:02 PM
Hi,
My first reply was marked as spam for some reason!
The configurations of the crypto maps are different; you need to make sure they match. I'd recommend removing the "ikev1 phase1-mode aggressive" command from the FW2 firewall and adding "pfs" to the FW1 configuration.
FW1
crypto map outside_map 1 match address outside_cryptomap_2
crypto map outside_map 1 set peer aa.aa.aa.aa
crypto map outside_map 1 set ikev1 transform-set AES-256-SHA
crypto map outside_map interface outside
FW2
crypto map outside_map 11 match address management_cryptomap_2
crypto map outside_map 11 set pfs
crypto map outside_map 11 set peer cc.cc.cc.cc
crypto map outside_map 11 set ikev1 phase1-mode aggressive
crypto map outside_map 11 set ikev1 transform-set AES-256-SHA
HTH
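Added example, not part of the original reply and not Cisco tooling: a small Python check that parses the two crypto map entries quoted above and reports the settings on which the two peers disagree. The function names and the choice of which settings to compare are assumptions made for this illustration.

```python
import re

# Constructed sample input: the two crypto map entries quoted in the reply above.
FW1 = """\
crypto map outside_map 1 match address outside_cryptomap_2
crypto map outside_map 1 set peer aa.aa.aa.aa
crypto map outside_map 1 set ikev1 transform-set AES-256-SHA
crypto map outside_map interface outside
"""
FW2 = """\
crypto map outside_map 11 match address management_cryptomap_2
crypto map outside_map 11 set pfs
crypto map outside_map 11 set peer cc.cc.cc.cc
crypto map outside_map 11 set ikev1 phase1-mode aggressive
crypto map outside_map 11 set ikev1 transform-set AES-256-SHA
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) set (.+)$")
# Settings both peers must agree on (assumed list for this example). Peer address
# and ACL name are local to each firewall, so they are not compared.
NEGOTIATED = ("pfs", "ikev1 phase1-mode", "ikev1 transform-set")

def parse_entries(config):
    """Return {(map_name, seq): {setting: value}} built from 'set' lines only."""
    entries = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips 'match address' and 'interface' lines
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        for key in NEGOTIATED + ("peer",):
            if rest == key or rest.startswith(key + " "):
                value = rest[len(key):].strip() or "enabled"
                entries.setdefault((name, seq), {})[key] = value
    return entries

def compare(cfg_a, key_a, cfg_b, key_b):
    """List (setting, value_a, value_b) where the two entries disagree.
    'absent' means the line is not configured, i.e. the device default applies."""
    a, b = parse_entries(cfg_a)[key_a], parse_entries(cfg_b)[key_b]
    return [(k, a.get(k, "absent"), b.get(k, "absent"))
            for k in NEGOTIATED if a.get(k) != b.get(k)]

if __name__ == "__main__":
    for setting, v1, v2 in compare(FW1, ("outside_map", 1), FW2, ("outside_map", 11)):
        print(f"{setting}: FW1={v1} FW2={v2}")
```

Run against the quoted entries, it flags `pfs` and `ikev1 phase1-mode` and leaves the matching transform-set unreported.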