Encryption algorithm offered does not match policy

Unanswered Question
Aug 20th, 2007
User Badges:

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T1.


VPN Client Version 4.8.02.0010


Dear Friends,


Configured vpn gateway to accept remote access connections from VPN client. Am receiving the above tittled error. Would deeply appreciate someones help on this.


Attached is the router config and error message received when issued the command debug crypto isakmp.


Regards,

Sunoj



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Tue, 08/21/2007 - 02:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sunoj


I am a bit puzzled about what you have posted. The error messages show 14 different transforms being attempted but the config that you posted shows only a single transform. Are these error messages really being generated on the router that has this configuration?


HTH


Rick

shjengschool Tue, 08/21/2007 - 04:31
User Badges:

Yes. Doesn't those attempts means it tried 14 times for the policy 10 and then moved to the default policy?

Richard Burts Tue, 08/21/2007 - 07:22
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sunoj


It is not just that it tries 14 times but each of those 14 are a unique combination of encapsulation, hash, authentication, etc. Where are the 14 variations within the transform set?


I have found that very occasionally the behavior of a router will differ from what is shown in the config (and frequently seems to reflect confusion about this that were inserted into the config, changed, and/or deleted from the confi during testing). In those cases I have found that it frequently is helpful to save the config, reboot the router and see if the behavior changes. Are you in a position to reboot this router and try the VPN again?


HTH


Rick

Actions

This Discussion