Re: [c-nsp] IPSec between Cisco and D-Link

Tony Varriale Fri, 12 Dec 2008 14:06:10 -0800

The transforms are fine and the debug says so.

The ACL/proxy setup is failing.

2d23h: ISAKMP (0:134217749): received packet from 217.x.x.x dport 500

sport

2d23h: ISAKMP:(0:21:SW:1): phase 2 SA policy not acceptable! (local

82.x.x.x

remote 217.x.x.x)

xxx#sh crypto map tag xxx
Crypto Map "xxx" 10 ipsec-isakmp
        Peer = 217.x.x.x
        Extended IP access list 111
            access-list 111 permit ip 192.168.200.0 0.0.0.255
192.168.0.0 0.0.0.255

Obviously 82.x and 217.x aren't the same as 192.168.200.0/24 and192.168.0.0/24

tv

----- Original Message -----From: "Mario Spinthiras" <[email protected]>

To: "Gamino, Rogelio (OCTO-Contractor)" <[email protected]>
Cc: <[email protected]>; "twisted mac" <[email protected]>
Sent: Friday, December 12, 2008 3:15 PM
Subject: Re: [c-nsp] IPSec between Cisco and D-Link

I dont think thats the problem. It looks like the transform sets don't
match. Don't forget that ACLs come prior to phase 2.

Regards,
Mario A. Spinthiras
http://www.spinthiras.net/
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/


_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IPSec between Cisco and D-Link

Reply via email to