08-09-2006 05:51 AM
I have a router that I am trying to put in place of a working VPN concentrator to a remote site.
The tunnel is up and working on the concentrator.
Can someone check my config to see if there are any glaring errors?
The concentrator is configure for the following:
Authentication: ESP/SHA/HMAC-160
Encryption: 3DES-168
IKE Proposal: IKE-3DES-SHA-PSK
when I put the router in place of the COncentrator I get the following errors from debug:
*Aug 9 12:28:26.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:26.147: ISAKMP: ignoring request to send delete notify (no ISAKMP
sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849
*Aug 9 12:28:31.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:31.147: ISAKMP: ignoring request to send delete notify (no ISAKMP
sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849
*Aug 9 12:28:36.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:36.147: ISAKMP: ignoring request to send delete notify (no ISAKMP
sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849
*Aug 9 12:28:41.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:41.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa)
*Aug 9 12:29:36.615: %CRYPTO-4-IKMP_NO_SA: IKE message from 2.2.4.6 has
no SA and is not an initialization offer
08-09-2006 08:57 PM
Hi
Can you try keying in this command in your router conifg ?
crypto map map-name local-address interface-id
interface id will be your outside interface where you are applying the crypto map.
Also can you post the config of your pix firewall here so that the same can be checked.
regds
09-05-2006 09:34 PM
Hi,
I am suspecting the problum is with authentication praposal. Please change MD5 from SHA in to both IKE and IPSec praposal at both side.
Thanks,
Mustafa
09-09-2006 08:45 PM
I believe that initial setup for Phase One is missing an acl for esp and isakmp:
access-list 110 permit udp host 2.2.4.6 host 4.7.6.2 eq isakmp
access-list 110 permit esp host 2.2.4.6 host 4.7.6.2
and adding ip access-group 110 in
under the external address.
Good luck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide