Pix 501 VPN question

Feb 6th, 2008


I have two PIX 502 firewalls with an IPSEC L2L tunnel between them. The L2L tunnel establishes and is working fine. I added the dynamic VPN for road warriors to connect in, but I get the following error:

IPSEC(validate_transform_proposal): invalid local address

IPSEC(validate_proposal): transform proposal (prot 3, trans 3, hmac_alg 2) not s


Anyone got any ideas?


husycisco Wed, 02/06/2008 - 13:54

Try this

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

clear config crypto dynamic-map outside_dyn_map 20

crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 10 match address outside_cryptomap_dyn_20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

Run clear xlate to reset current translations (internet and connections will be down for a second), then try again.
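
An added example, not part of the original thread or of Cisco's tooling: it decodes the rejected proposal from the debug line quoted in the question and lists which dynamic-map entries in a configuration reference a transform set that would accept it. It assumes the numbers in the debug line are the RFC 2407 IPsec DOI identifiers; the two sample configurations are constructed.

```python
import re

# RFC 2407 (IPsec DOI) identifiers mapped to PIX transform keywords.
# Assumption: the debug line prints these DOI numbers unchanged.
ESP_TRANSFORMS = {2: "esp-des", 3: "esp-3des", 11: "esp-null", 12: "esp-aes"}
HMAC_ALGS = {1: "esp-md5-hmac", 2: "esp-sha-hmac"}

PROPOSAL_RE = re.compile(r"prot (\d+), trans (\d+), hmac_alg (\d+)")
TSET_RE = re.compile(r"crypto ipsec transform-set (\S+) (.+)")
MAP_RE = re.compile(r"crypto dynamic-map (\S+) (\d+) set transform-set (.+)")

# Debug line as quoted in the question (it is truncated there as well).
DEBUG_LINE = ("IPSEC(validate_proposal): transform proposal "
              "(prot 3, trans 3, hmac_alg 2) not s")

# Constructed sample configurations, not taken from the thread.
MISMATCHED = """
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
"""
MATCHING = """
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
"""


def decode_proposal(debug_line):
    """Return the transform keywords the peer proposed (ESP only)."""
    m = PROPOSAL_RE.search(debug_line)
    if not m:
        raise ValueError("no transform proposal found")
    prot, trans, hmac = map(int, m.groups())
    if prot != 3 or trans not in ESP_TRANSFORMS or hmac not in (0, *HMAC_ALGS):
        raise ValueError("proposal not covered by this decoder")
    wanted = {ESP_TRANSFORMS[trans]}
    if hmac:  # 0 means no authentication algorithm was proposed
        wanted.add(HMAC_ALGS[hmac])
    return wanted


def matching_entries(config_text, debug_line):
    """List (map, seq, transform-set) entries that would accept the proposal."""
    wanted = decode_proposal(debug_line)
    lines = [line.strip() for line in config_text.splitlines()]
    tsets = {m.group(1): set(m.group(2).split())
             for m in map(TSET_RE.fullmatch, lines) if m}
    return [(m.group(1), int(m.group(2)), name)
            for m in map(MAP_RE.fullmatch, lines) if m
            for name in m.group(3).split() if tsets.get(name) == wanted]
```

An empty result for a configuration means no dynamic-map entry offers the transform pair the client proposed.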

