Hello, I am looking forward to encrypting management traffic between my router and PC. The PC is Windows XP, and I created an IPSec policy with the secpol.msc utility. I set up a policy, and it works great between two XP PCs.
Everything is pretty much a mirror between the two PCs, and that's why I am able to get ESP encapsulated traffic.
So, I thought I would try creating another transport mode IPSec, this time adding the router. I set up everything the same as on the PC, including the pre-shared key, lifetimes, and the transform set, and the access list states the same thing, "all TCP traffic between these hosts", along with a mirrored ACL. Anyway, I cannot get ISAKMP to complete, as noted by these debug lines from the router:
(this is not the full output, but lines of interest)
ISAKMP (0:6): deleting node -378831385 error TRUE reason "quick mode rejected"
ISAKMP (0:5): IPSec policy invalidated proposal
ISAKMP (0:5): phase 2 SA policy not acceptable! (local 220.127.116.11 remote 18.104.22.168)
ISAKMP (0:5): deleting node -1511991460 error TRUE reason "quick mode rejected"
ALSO, there was this output:
ISAKMP (0:6): peer matches *none* of the profiles
Which makes no sense. I'm certain I set up everything the same.
Anyone have experience with these errors, and what typically leads to them?
Keep in mind, this IPSec policy is to affect traffic local to and from the router, not passed between its interfaces.