VPN between ASA and router

jasonww04
Level 1

I've gone over the configs about a dozen times and I can't see what is wrong. Phase 1 doesn't complete and the router's debug just says "Notify has no hash. Rejected." However, before it gets to that it says the atts are acceptable.

I've attached the router and asa configs.

andamani
Cisco Employee

Hi,

Looks like the hash is missing from the crypto policies.

Please do the following on the router:

conf t

crypto isakmp policy 10
hash sha

crypto isakmp policy 30
hash sha

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

hash sha is in the policy, it just doesn't show in the running-config for some reason. I added it again to make sure and the debug gives the same results:

atts are acceptable

Notify has no hash. Rejected.

The problem was the tunnel-group name.

It has to be the IP address of the peer.

I recently had this same issue.

I was seeing this log: CRYPTO-6-IKMP_NOT_ENCRYPTED -- was not encrypted and it should've been.

I deleted the ASA site-to-site connection profile and re-created it with the peer and connection name the same (IP address of the peer) without changing anything else.

Connection established right away.

Thanks for posting this, even 5 years ago still helping me.

Thanks,

Alex
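
The fix reported in this thread (the ASA tunnel-group has to be named with the peer's IP address) can be checked offline against a saved configuration. The script below is an added example, not part of the original posts and not a Cisco tool; it assumes pre-shared-key site-to-site peers identified by IP address, and the sample configuration and the function name `audit_l2l_tunnel_groups` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample ASA configuration (documentation addresses, not from the thread).
SAMPLE_ASA_CONFIG = """\
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 set peer 198.51.100.7
tunnel-group BRANCH-ROUTER type ipsec-l2l
tunnel-group BRANCH-ROUTER ipsec-attributes
 pre-shared-key *****
tunnel-group 198.51.100.7 type ipsec-l2l
"""

PEER_RE = re.compile(r"^crypto map \S+ \d+ set peer (.+)$")
L2L_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")


def is_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_l2l_tunnel_groups(config):
    """Return (named_groups, uncovered_peers) for an ASA config string."""
    peers, groups = set(), set()
    for line in config.splitlines():
        line = line.strip()
        m = PEER_RE.match(line)
        if m:
            peers.update(m.group(1).split())  # one line may list several peers
        m = L2L_RE.match(line)
        if m:
            groups.add(m.group(1))
    # L2L groups whose name is not an IP address (the misconfiguration in this thread)
    named_groups = sorted(g for g in groups if not is_ip(g))
    # Crypto map peers with no tunnel-group named after their address
    uncovered_peers = sorted(p for p in peers if p not in groups)
    return named_groups, uncovered_peers


if __name__ == "__main__":
    named, uncovered = audit_l2l_tunnel_groups(SAMPLE_ASA_CONFIG)
    for g in named:
        print(f"tunnel-group {g!r} is not named after a peer IP address")
    for p in uncovered:
        print(f"peer {p} has no tunnel-group named {p}")
```

A named tunnel-group can be intentional in other setups (for example certificate-based peers), so treat a hit as something to review rather than an automatic error.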