Converting crypto map to unnumbered VTI

Nov 7th, 2007

I'm trying to convert a crypto map VPN to an ip unnumbered VTI. The crypto map has been working for months. The VTI... not so much. Here are the applicable config entries.

### original config


```
crypto isakmp policy 30
 encr 3des
 authentication pre-share
 group 2

crypto isakmp key xxxxxxxx address

crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac

crypto map CRYPTO 50 ipsec-isakmp
 set peer
 set transform-set 3DES-SHA
 set pfs group2
 match address VPN1

ip access-list extended VPN1
 permit ip host host
 permit ip host host
```

I only removed the crypto map and added the following.

### New Config

```
crypto ipsec profile V1
 set security-association lifetime seconds 28800
 set transform-set 3DES-SHA
 set pfs group2

interface Tunnel0
 ip unnumbered FastEthernet0/0
 ip nat outside
 ip virtual-reassembly
 tunnel source
 tunnel destination
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile V1
```

I keep getting this ISAKMP error now.

ISAKMP:(0:54:HW:2):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE (peer

Any help would be greatly appreciated. Also... I have no idea what is running on the other end (it's a partner network), but I suspect it's a crypto map on IOS.

Thank you!
