04-21-2011 07:55 AM
I've gone over the configs about a dozen times and I can't see what is wrong. Phase 1 doesn't complete and the router's debug just says "Notify has no hash. Rejected." However, before it gets to that it says the atts are acceptable.
I've attached the router and asa configs.
04-21-2011 08:19 AM
Hi,
Looks like the hash is missing from the crypto policies.
please do the following on the router:
conf t
crypto isakmp policy 10
hash sha
crypto isakmp policy 30
hash sha
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
04-21-2011 08:36 AM
hash sha is in the policy, it just doesn't show in the running-config for some reason. I added it again to make sure and the debug gives the same results:
atts are acceptable
Notify has no hash. Rejected.
05-02-2011 10:53 AM
The problem was the tunnel-group name.
It has to be the IP address of the peer.
08-23-2016 07:37 AM
I recently had this same issue.
I was seeing this log: CRYPTO-6-IKMP_NOT_ENCRYPTED -- was not encrypted and it should've been.
I deleted the ASA site-to-site connection profile and re-created it with the peer and connection name the same (IP address of the peer) without changing anything else.
Connection established right away.
Thanks for posting this, even 5 years ago still helping me.
Thanks,
Alex
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide