VPN not working

swarner77 · ‎08-20-2014

I had a functioning VPN but noticed an erroneous static route (shouldn't have been there) so I removed it with

no route outside 0 0 108.74.0.169 and then the VPN stopped functioning.

The errors Im seeing are:

3

Aug 20 2014

10:48:06

IP = 108.74.0.169, Error processing payload: Payload ID: 1

5

Aug 20 2014

10:48:06

Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

5

Aug 20 2014

10:48:06

Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

If I change the group from 1 to 2 then the tunnel comes up

1 IKE Peer: 108.74.0.169
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE

However I am still not able to see the other side or ping devices on the other side.

What do I need to do ?

nkarthikeyan · ‎08-21-2014

Hi,

do you have connected your peers directly to each other? anyways thats okay....

Okay... Because the negotiation happening with group 2 ikevx/isakmp policy.... might be it negotiates with the default crypto ike/isakmp policy......

but anyways your phase 1 seems to be up and can you check on the phase 2 parameters?

sh crypto ipsec sa and check if encaps and decaps happening properly or not..

Regards

Karthik

zeuscyril · ‎08-21-2014

issue on the phase2 only , if phase1 up itself you will get MM_Active message on the sh cry isakmp sa, but

check sh crypto ipsec sa nothing will be there. check the proxy ACL is corrrect.

if you can share config easy to find the problem