VPN tunnel debug out put

Unanswered Question
Feb 25th, 2007


We are facing some problem with VPN tunnel from router to router.

We are forming tunnel from R1 to R2 on loopback address. It was working ok and suddenly it is showing status as down.

I am attaching debug cry ipsec output here in text mode.

Here we suspect :

Feb 26 11:02:40.779: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!

Coincidently it was working and suddenly gone down.

Thanks and advance


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kaachary Mon, 02/26/2007 - 01:49


The Phase 1 attributes are matching, so thats not an issue. It seems to be an issue with the pre-shared key.

Try resetting pre-shared key on both the ends.

Hope this helps.


Kamal Malhotra Thu, 03/08/2007 - 07:13


As per the debugs, it seems that you are using certs for the authentication which is failing and a possible reason is the cert on one end has expired. Please check the validity of the cert.


Please rate if it helps,



puagarwa Tue, 03/20/2007 - 17:29

I think the phase 1 policies are not configured on the router whose debugs are attached, do you really wanna do isakmp authentication with certificates or you have pre-shared key configured? please configure the phase 1 policy matching teh remote peer.

what re the debugs on the remote peer, is it possible for you paste the config on both the sides??


This Discussion