need a hand with a IPSEC tunnel [7:8703]
Any of you that have used ipsec with the Cisco box, could you shed some light on this matter. For some reason I cant get pass phase one. All of the perameters seem to match up. Here is the log. 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): no offers accepted! 2d18h: ISAKMP (0:1): SA not acceptable! 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 1 92.128.101.16 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA Derek S. Winchester IPSS Network Engineer IP Services Business Unit Lucent Technologies Phone: 978-298-2143 Cell: 978-973-4561 Fax: 978-298-2006 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8703t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
Derek, Could you add some lines of the configuration? it might help us help you... what are you trying to peer with? another router? a vpn client? a pix? Winchester, Derek wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any of you that have used ipsec with the Cisco box, could you shed some light on this matter. For some reason I cant get pass phase one. All of the perameters seem to match up. Here is the log. 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): no offers accepted! 2d18h: ISAKMP (0:1): SA not acceptable! 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 1 92.128.101.16 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA Derek S. Winchester IPSS Network Engineer IP Services Business Unit Lucent Technologies Phone: 978-298-2143 Cell: 978-973-4561 Fax: 978-298-2006 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8724t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
I think there is a problem with bad encryption or password. Both side must have the same encryption,hash, and first of all password when you use pre-share. Gonzalo P. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Derek, Could you add some lines of the configuration? it might help us help you... what are you trying to peer with? another router? a vpn client? a pix? Winchester, Derek wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any of you that have used ipsec with the Cisco box, could you shed some light on this matter. For some reason I cant get pass phase one. All of the perameters seem to match up. Here is the log. 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): no offers accepted! 2d18h: ISAKMP (0:1): SA not acceptable! 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 1 92.128.101.16 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA Derek S. Winchester IPSS Network Engineer IP Services Business Unit Lucent Technologies Phone: 978-298-2143 Cell: 978-973-4561 Fax: 978-298-2006 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8728t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
Seem like you crypo isakmp policy doesn't match and it try the default and still don't work. Make sure your crypto isakmp policy match. By typing and check R3#show crypto isakmp policy Default protection suite encryption algorithm: DES - Data Encryption Standard (56 bit keys). hash algorithm: Secure Hash Standard authentication method: Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit) lifetime: 86400 seconds, no volume limit Winchester, Derek wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any of you that have used ipsec with the Cisco box, could you shed some light on this matter. For some reason I cant get pass phase one. All of the perameters seem to match up. Here is the log. 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): no offers accepted! 2d18h: ISAKMP (0:1): SA not acceptable! 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 1 92.128.101.16 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA Derek S. Winchester IPSS Network Engineer IP Services Business Unit Lucent Technologies Phone: 978-298-2143 Cell: 978-973-4561 Fax: 978-298-2006 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8739t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: need a hand with a IPSEC tunnel [7:8703]
here are your key indicators 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 means that something in the following list needs to be coordinated with the other end: 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 In your crypto policy configuation, you have those values to match the far end - example crypto isakmp policy 12 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 hth -e- - Original Message - From: Winchester, Derek To: Sent: Friday, June 15, 2001 8:13 AM Subject: need a hand with a IPSEC tunnel [7:8703] Any of you that have used ipsec with the Cisco box, could you shed some light on this matter. For some reason I cant get pass phase one. All of the perameters seem to match up. Here is the log. 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 65535 policy 2d18h: ISAKMP: encryption DES-CBC 2d18h: ISAKMP: hash MD5 2d18h: ISAKMP: default group 1 2d18h: ISAKMP: auth pre-share 2d18h: ISAKMP: life type in seconds 2d18h: ISAKMP: life duration (basic) of 720 2d18h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 2d18h: ISAKMP (0:1): no offers accepted! 2d18h: ISAKMP (0:1): SA not acceptable! 2d18h: ISAKMP (0:1): incrementing error counter on sa: PROPOSAL_NOT_CHOSEN 2d18h: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed with peer at 1 92.128.101.16 2d18h: ISAKMP (1): sending packet to 192.128.101.16 (R) MM_NO_STATE 2d18h: ISAKMP (0): received packet from 192.128.101.16 (N) NEW SA Derek S. Winchester IPSS Network Engineer IP Services Business Unit Lucent Technologies Phone: 978-298-2143 Cell: 978-973-4561 Fax: 978-298-2006 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=8744t=8703 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]