Tunnel Issues

Unanswered Question
Feb 1st, 2008

Here's a brief description: we have 2 routers that were working for at least 2 years. Suddenly, a couple of days ago, we got this message and the tunnel didn't pass any traffic.

%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 268435457) unable to decrypt (w/RSA private key) packet

We removed the crypto map and everything is working now. The only config changed, because of a company requirement, was one line: one of the routers used to have no ip domain lookup and the change was setting it to ip domain lookup. Nothing else was done. Any ideas what caused the failure?

f.aoun Fri, 02/01/2008 - 06:46

check if isakmp identity is hostname not address.

eperezrdz Fri, 02/01/2008 - 06:56

Thanks for the reply! This is before:

no ip domain-lookup
ip domain-name xxxxxxxxx.com
!
crypto isakmp policy 10
 encr 3des
 authentication rsa-encr
 group 2
!
!
crypto ipsec transform-set xxxx-trans ah-sha-hmac esp-3des
crypto ipsec df-bit clear
!
crypto map xxxxxxx 10 ipsec-isakmp
 set peer 1x.xxx.xx.x
 set security-association level per-host
 set transform-set xxxx-trans
 match address xxxxxxxxxx
!
!
crypto key pubkey-chain rsa
 addressed-key xx.xxx.xxx.xxx encryption
  address 1x.xxx.xx.x

This is after:

ip domain-name xxxxx.com
!
crypto isakmp policy 10
 encr 3des
 authentication rsa-encr
 group 2
!
!
crypto ipsec transform-set xxxx-trans ah-sha-hmac esp-3des
crypto ipsec df-bit clear
!
crypto map xxxxxx 10 ipsec-isakmp
 set peer xx.xxx.xx.x
 set security-association level per-host
 set transform-set xxxxx-trans
 match address xxxxx
!
!
crypto key pubkey-chain rsa
 addressed-key xx.xxx.xxx.xx encryption
  address xx.xxx.x.x
  key-string

Any more thoughts? How can I check what you suggest?
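
One way to run the check f.aoun suggests, offline against saved copies of both routers' running configs (an added example, not part of the original thread). It assumes that with rsa-encr a router looks up the peer's public key by the identity the peer presents, so identity hostname needs a named-key entry on the other side and the default identity address needs an addressed-key entry; the sample configs and function names are constructed.

```python
import re

# Constructed configs modelled on the masked ones in the thread. Addresses are
# documentation placeholders, not values from the posts.
ROUTER_A = """\
crypto isakmp identity hostname
crypto isakmp policy 10
 authentication rsa-encr
crypto key pubkey-chain rsa
 addressed-key 192.0.2.2 encryption
  address 192.0.2.2
"""
ROUTER_B = """\
crypto isakmp policy 10
 authentication rsa-encr
crypto key pubkey-chain rsa
 addressed-key 192.0.2.1 encryption
  address 192.0.2.1
"""


def identity_mode(config):
    """Return the ISAKMP identity a router presents: 'address' unless overridden."""
    m = re.search(r"^\s*crypto isakmp identity (\S+)", config, re.M)
    return m.group(1) if m else "address"


def peer_key_kinds(config):
    """Return the kinds of manually entered peer RSA keys (addressed-key, named-key)."""
    return set(re.findall(r"^\s*(addressed-key|named-key)\s+\S+", config, re.M))


def check_direction(sender, receiver, label):
    """Flag a sender identity mode the receiver has no matching key entry for."""
    needed = {"address": "addressed-key", "hostname": "named-key"}.get(identity_mode(sender))
    if needed and needed not in peer_key_kinds(receiver):
        return [f"{label}: sender identity is {identity_mode(sender)}, "
                f"receiver has no {needed} entry"]
    return []


def check_pair(a, b):
    """Check both directions of an rsa-encr peering."""
    return check_direction(a, b, "A->B") + check_direction(b, a, "B->A")


if __name__ == "__main__":
    for finding in check_pair(ROUTER_A, ROUTER_B):
        print(finding)
```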
