Hi, I have a Cisco 877 configured in VPN mode to connect to a Cisco Concentrator. The ISAKMP policy is AES-256/SHA and DH group 5.
Now first of all the 877 will only connect as a VPN if I set both the concentrator and 877 to DH Group 2 and when I look at the session info the ISAKMP is using AES-128/sha? Why not AES-256?
Your IKE Session encryption is aes-128 and DH Group 2, IKE Policy configuration. While your IPSec Session encryption is AES-256, AES Transform Set configuration.
In your "crypto isakmp policy 1", "encr aes" means "encr aes-128". Use "encr aes-256" instead of "encr aes" only. and use DH Group 5. i.e.
crypto isakmp policy 1