The proxy identity refers to the ACLs you are using on
the peers. Make sure that these ACLs are EXACT
reversals of each other. For example:
router 1: access-list 111 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
router 2: access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
Anything inconsistent there will mess it up. Also, a
part of this phase is the transform-set exchange (your
ESPs and AHs); it has to be identical also.
Thing to remember: the ACL not only defines
"interesting" traffic for the tunnel but it is used as
a part of the authentication.
Moe.
--- Rizzo Damian <[EMAIL PROTECTED]> wrote:
> I'm having some problems with a cisco-cisco IPsec
> setup that is utilizing
> private addresses on both ends of the SA with public
> addressing in between.
> When the SA begins to be established, IKE works fine
> - but the IPsec SA
> fails with the note 'proxy identities not
> supported'.
>
> What does 'proxy identity' refer to? I can't seem to
> find any reference to
> it in the RFCs. Thanks.
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
=====
_____________________________________________
Moe Tavakoli
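
An added example, not part of the original message: a small offline check that two crypto ACLs are exact mirrors of each other, as the reply above requires. The function names and the ROUTER2_BAD entry are constructed for illustration; the parser assumes address-only extended ACL entries (no port or other qualifiers).

```python
import ipaddress
from typing import NamedTuple

class Ace(NamedTuple):
    action: str
    protocol: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A wildcard'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Invert the Cisco wildcard into a netmask; strict parsing then rejects
    # non-contiguous wildcards and addresses with host bits set.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}")

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' (address-only entries)."""
    tokens = line.lower().split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an extended ACL entry: {line!r}")
    rest = tokens[4:]
    ace = Ace(tokens[2], tokens[3], _take_addr(rest), _take_addr(rest))
    if rest:
        raise ValueError(f"unsupported qualifiers {rest} in {line!r}")
    return ace

def mirror_mismatches(local_lines, remote_lines):
    """Return (side, Ace) for every entry with no exact mirror on the peer."""
    local = {parse_ace(l) for l in local_lines}
    remote = {parse_ace(l) for l in remote_lines}
    flip = lambda a: a._replace(src=a.dst, dst=a.src)
    return ([("local", a) for a in sorted(local) if flip(a) not in remote] +
            [("remote", a) for a in sorted(remote) if flip(a) not in local])

# ACLs from the message, plus a constructed peer ACL with a wider wildcard.
ROUTER1 = ["access-list 111 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255"]
ROUTER2 = ["access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255"]
ROUTER2_BAD = ["access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.0.0 0.0.255.255"]

if __name__ == "__main__":
    print(mirror_mismatches(ROUTER1, ROUTER2))      # mirrored pair
    print(mirror_mismatches(ROUTER1, ROUTER2_BAD))  # /24 vs /16 on one side
```

An empty result means every entry has an exact reverse on the peer; any returned entry is one to correct before retrying the IPsec SA.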