VPN concentrator to VPNSM

Unanswered Question
Mar 12th, 2008

Hi, I have a couple of remote clients using a Cisco VPN concentrator who connect to our VPNSM through an IPSEC encrypted tunnel. On my end, I configure my transform-set to MD5 but it seems that on the remote end they have to configure Phase 2 to SHA in order to get the tunnel to work. I would have assumed that the tunnel wouldn't have even come up if both ends didn't match for the encryption piece?? Anyone else have a similar situation and can explain to me why this would even work? thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
irisrios Tue, 03/18/2008 - 07:20

Security parameters have to be same on both the ends. Only then the tunnel would come up. I still haven't seen a working configuration with mismatch in security parameters.

m.saunders Tue, 03/18/2008 - 07:24

Thanks for the reply and that's what I thought too. Doesn't make any sense to me.


This Discussion