Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
1
Replies

ASA to IOS problem

isautospa
Level 1
Level 1

‎05-30-2007 09:19 AM - edited ‎02-21-2020 01:32 AM

Hi all,

I am facing a problem trying to establish a tunnel with one of our supplier.

Their side is terminated on a IOS router currently unknown type and version (should be 12.2 - 12.4), my side is an ASA 7.2(2), configurations are attached (at least the snippet of the IOS config I was sent).

Apparently Phase 1 completes correctly but P2 fails with "Received non-routine Notify message: No proposal chosen (14)", I also attach debug from ASA with " debug crypto isakmp 129" and "debug crypto ipsec 129".

I double checked transform sets and IKE policies.

BTW I never had to use static NAT AND IPSec as here (I was asked to do so by other side) , is that configuration really feasible?

Many thanx in advance...

Ivano

Preview file
30 KB
Preview file
2 KB
Preview file
6 KB
0 Helpful
1 Reply 1

sbilgi
Level 5
Level 5

‎06-05-2007 04:51 PM

I think you will need to remove the private ip address from the match address and leave the natted ones only. Following links may help you

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card