need a hand with a IPSEC tunnel [7:8703]
Any of you that have used ipsec with the Cisco box, could you shed some light on this matter. For some reason I cant get pass phase one. All of the perameters seem to match up. Here is the log. 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): no offers accepted! 2d18h: ISAKMP (0:1): SA not acceptable! 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 1 92.128.101.16 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA Derek S. Winchester IPSS Network Engineer IP Services Business Unit Lucent Technologies Phone: 978-298-2143 Cell: 978-973-4561 Fax: 978-298-2006 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8703&t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
Derek, Could you add some lines of the configuration? it might help us help you... what are you trying to peer with? another router? a vpn client? a pix? ""Winchester, Derek"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Any of you that have used ipsec with the Cisco box, could you shed some > light on this matter. For some reason I cant get pass phase one. All of the > perameters seem to match up. Here is the log. > > > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 > policy > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > 2d18h: ISAKMP (0:1): no offers accepted! > 2d18h: ISAKMP (0:1): SA not acceptable! > 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN > 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer > at 1 > 92.128.101.16 > 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE > 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA > > Derek S. Winchester > IPSS Network Engineer > IP Services Business Unit > Lucent Technologies > Phone: 978-298-2143 > Cell: 978-973-4561 > Fax: 978-298-2006 > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8724&t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
I think there is a problem with bad encryption or password. Both side must have the same encryption,hash, and first of all password when you use pre-share. ""Gonzalo P."" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Derek, > >Could you add some lines of the configuration? it might help us help > you... > > what are you trying to peer with? another router? a vpn client? a pix? > > > ""Winchester, Derek"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Any of you that have used ipsec with the Cisco box, could you shed some > > light on this matter. For some reason I cant get pass phase one. All of > the > > perameters seem to match up. Here is the log. > > > > > > 2d18h: ISAKMP: encryption DES-CBC > > 2d18h: ISAKMP: hash MD5 > > 2d18h: ISAKMP: default group 1 > > 2d18h: ISAKMP: auth pre-share > > 2d18h: ISAKMP: life type in seconds > > 2d18h: ISAKMP: life duration (basic) of 720 > > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > > 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 > > policy > > 2d18h: ISAKMP: encryption DES-CBC > > 2d18h: ISAKMP: hash MD5 > > 2d18h: ISAKMP: default group 1 > > 2d18h: ISAKMP: auth pre-share > > 2d18h: ISAKMP: life type in seconds > > 2d18h: ISAKMP: life duration (basic) of 720 > > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > > 2d18h: ISAKMP (0:1): no offers accepted! > > 2d18h: ISAKMP (0:1): SA not acceptable! > > 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN > > 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with > peer > > at 1 > > 92.128.101.16 > > 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE > > 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA > > > > Derek S. Winchester > > IPSS Network Engineer > > IP Services Business Unit > > Lucent Technologies > > Phone: 978-298-2143 > > Cell: 978-973-4561 > > Fax: 978-298-2006 > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8728&t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
Seem like you crypo isakmp policy doesn't match and it try the default and still don't work. Make sure your crypto isakmp policy match. By typing and check R3#show crypto isakmp policy Default protection suite encryption algorithm: DES - Data Encryption Standard (56 bit keys). hash algorithm: Secure Hash Standard authentication method: Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit) lifetime: 86400 seconds, no volume limit ""Winchester, Derek"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Any of you that have used ipsec with the Cisco box, could you shed some > light on this matter. For some reason I cant get pass phase one. All of the > perameters seem to match up. Here is the log. > > > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 > policy > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > 2d18h: ISAKMP (0:1): no offers accepted! > 2d18h: ISAKMP (0:1): SA not acceptable! > 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN > 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer > at 1 > 92.128.101.16 > 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE > 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA > > Derek S. Winchester > IPSS Network Engineer > IP Services Business Unit > Lucent Technologies > Phone: 978-298-2143 > Cell: 978-973-4561 > Fax: 978-298-2006 > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8739&t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
here are your key indicators > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 means that something in the following list needs to be coordinated with the other end: > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 In your crypto policy configuation, you have those values to match the far end - example crypto isakmp policy 12 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 hth -e- - Original Message - From: "Winchester, Derek" To: Sent: Friday, June 15, 2001 8:13 AM Subject: need a hand with a IPSEC tunnel [7:8703] > Any of you that have used ipsec with the Cisco box, could you shed some > light on this matter. For some reason I cant get pass phase one. All of the > perameters seem to match up. Here is the log. > > > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 > policy > 2d18h: ISAKMP: encryption DES-CBC > 2d18h: ISAKMP: hash MD5 > 2d18h: ISAKMP: default group 1 > 2d18h: ISAKMP: auth pre-share > 2d18h: ISAKMP: life type in seconds > 2d18h: ISAKMP: life duration (basic) of 720 > 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 > 2d18h: ISAKMP (0:1): no offers accepted! > 2d18h: ISAKMP (0:1): SA not acceptable! > 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN > 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer > at 1 > 92.128.101.16 > 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE > 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA > > Derek S. Winchester > IPSS Network Engineer > IP Services Business Unit > Lucent Technologies > Phone: 978-298-2143 > Cell: 978-973-4561 > Fax: 978-298-2006 > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=8744&t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
