Config site-site VPN between Cisco router and WatchGuard Firebox700

Unanswered Question
Feb 24th, 2007

I need to configure an IPsec site-to-site VPN between a Cisco 3745 router and a WatchGuard Firebox700. After configuration, I checked that Phase I between the 3745 and the Firebox700 is already set up. The C3745 gives the log below:

Feb 25 2007 08:25:29: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 220.*.*.175
Feb 25 2007 08:26:19: IPSEC(validate_proposal_request): proposal part #1,
    (key eng. msg.) INBOUND local= 172.16.1.12, remote= 220.200.1.175,
    local_proxy= 172.16.251.1/255.255.255.255/0/0 (type=1),
    remote_proxy= 172.16.251.98/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-sha-hmac (unknown),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Feb 25 2007 08:26:19: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
    {esp-3des esp-sha-hmac }

Please help me solve this problem. My IOS version is c3745-advipservicesk9-mz.123-14.T7.bin; the Firebox is running version 7.3.

lylyong Sun, 02/25/2007 - 16:55

Yeah, I have checked; both sides in IPsec Phase II use esp-3des esp-sha-hmac. I think the key point is here: "protocol= ESP, transform= esp-3des esp-sha-hmac (unknown)". I used the "show crypto isakmp sa" command on the C3745; it shows the below:

172.16.1.12 220.200.1.175 QM_IDLE 623 0 ACTIVE
