srue Thu, 06/21/2007 - 12:14

Possible transform set mismatch on phase 2.

In the PIX, this will be the commands related to something like:

crypto map VPN 20 set transform-set 3desSHA


In the concentrator, it will be found on the main config page for an L2L setup under:

Encryption and Authentication (not the IKE Proposal setting)

Or, in the concentrator:

configuration --> policy mgmt --> traffic mgmt - SA's --> find the IPSEC SA for this connection and modify

pklein222 Fri, 06/22/2007 - 07:03

I am thinking that as well. I have verified a couple of times the config on the concentrator, however, I only have part of what the other Pix has and something is bugging me. He set up his transform-set as IPSEC-3DES-MD5, instead of what I am used to seeing, ESP-3DES-MD5. Personally never heard of IPSEC-3DES-MD5, however, I am no expert, just someone with some experience. What's your take on this?

pklein222 Fri, 06/22/2007 - 08:23

Never mind my last post, it's just the name he gave his transform set. I took a look at his parameters again and he has used esp-3des esp-md5-hmac. Still trying to find the Phase 2 mismatch.
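
Added example, not part of the thread and not any poster's configuration: a Python check that resolves the transform set a PIX crypto map entry references to its actual transforms and compares those with the peer's, ignoring the set name, which is only a local label. The config excerpt and the peer values are constructed, the function names are hypothetical, and it compares transforms only, no other phase 2 parameter.

```python
import re

# Constructed PIX excerpt (not from the thread). The set name is a local label;
# only the transforms listed after it are compared here.
PIX_CONFIG = """\
crypto ipsec transform-set IPSEC-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set 3desSHA esp-3des esp-sha-hmac
crypto map VPN 20 set transform-set 3desSHA
crypto map VPN 30 set transform-set IPSEC-3DES-MD5
"""

def transform_sets(config):
    """Map each transform-set name to the transforms it contains."""
    pat = r"^crypto ipsec transform-set (\S+) (.+)$"
    return {m.group(1): frozenset(m.group(2).split())
            for m in re.finditer(pat, config, re.M)}

def map_entry_transforms(config, map_name, seq):
    """Resolve the transform set(s) referenced by one crypto map entry."""
    sets = transform_sets(config)
    pat = rf"^crypto map {re.escape(map_name)} {seq} set transform-set (.+)$"
    m = re.search(pat, config, re.M)
    if m is None:
        raise KeyError(f"crypto map {map_name} {seq}: no transform-set line")
    names = m.group(1).split()
    undefined = [n for n in names if n not in sets]
    if undefined:
        raise KeyError(f"referenced but never defined: {undefined}")
    return {n: sets[n] for n in names}

def compare_with_peer(config, map_name, seq, peer_transforms):
    """Per set name: (transforms only local, transforms only on the peer)."""
    peer = frozenset(peer_transforms)
    resolved = map_entry_transforms(config, map_name, seq)
    return {name: (sorted(local - peer), sorted(peer - local))
            for name, local in resolved.items()}

if __name__ == "__main__":
    # Peer proposal written as PIX keywords (assumed values for illustration).
    peer = ["esp-3des", "esp-md5-hmac"]
    for seq in (20, 30):
        result = compare_with_peer(PIX_CONFIG, "VPN", seq, peer)
        for name, (only_local, only_peer) in result.items():
            status = "match" if not (only_local or only_peer) else "MISMATCH"
            print(f"VPN {seq} {name}: {status} "
                  f"local-only={only_local} peer-only={only_peer}")
```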
