ASA 5510 Sec Plus Lan-2-Lan -> 1841 phase 2 problem ?

Fraser Reid

Hi all,

I've got a problem with a Lan-2-Lan connection from my Active/Standby 5510s with the Sec Plus license.

The config on the firewall is this:

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set transform-set ESP-AES-256-SHA ESP-AES-256-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-128-SHA ESP-AES-128-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set reverse-route
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-256-SHA ESP-AES-256-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-128-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set pfs
crypto map Outside_map 1 set peer 1.1.1.1
crypto map Outside_map 1 set transform-set ESP-AES-256-SHA ESP-3DES-SHA
crypto map Outside_map 1 set reverse-route
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes-192
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 60
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 70
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 80
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 120
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
crypto isakmp disconnect-notify

And on the router it is this:

crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key key-here address 10.10.10.10
crypto isakmp keepalive 30
!
!
crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
crypto ipsec transform-set FrasersVersion esp-aes 256 esp-sha-hmac
crypto ipsec transform-set fraser2 esp-aes esp-sha-hmac
!
crypto map VPN 1 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set FrasersVersion strong-des fraser2
 set pfs group2
 match address 150

But I still get errors such as the ones in the log file below.

As soon as I let it build the tunnel, all works fine, but then a few seconds later it all falls down :-(

What am I missing?

Please help.
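When two Cisco peers show the symptoms above, the first thing to verify is that at least one ISAKMP policy and one transform set match exactly once the ASA and IOS spellings are normalised ("encryption aes-256" vs "encr aes 256", "esp-aes-256" vs "esp-aes 256") and the values each platform leaves out are filled with its defaults. The script below is an added example, not part of this thread; the two config strings are constructed excerpts of the configs posted above, and the default-fill values (hash sha, lifetime 86400) are an assumption taken from the IKEv1 defaults both platforms document.

```python
import re

# Constructed excerpts of the two configs in the post, indented as the devices store them.
ASA_CFG = """\
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
"""
IOS_CFG = """\
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
crypto ipsec transform-set FrasersVersion esp-aes 256 esp-sha-hmac
"""
# Assumed IKEv1 defaults filled in when a policy omits the line (the IOS policy
# above does not show 'hash sha' or 'lifetime 86400' because they are defaults).
P1_DEFAULTS = {"hash": "sha", "life": "86400"}
P1_KEYS = {"encryption": "encr", "authentication": "auth", "lifetime": "life"}


def parse_phase1(cfg):
    """Return {policy_no: attrs}; IOS 'encr aes 256' is normalised to 'aes-256'."""
    policies, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            cur = policies.setdefault(m.group(1), dict(P1_DEFAULTS))
        elif cur is not None and line.startswith(" "):
            kw, *args = line.split()
            cur[P1_KEYS.get(kw, kw)] = "-".join(args)
        else:
            cur = None  # any unindented line ends the policy block
    return policies


def parse_phase2(cfg):
    sets = {}  # {set_name: (cipher, hmac)}; IOS 'esp-aes 256' becomes 'esp-aes-256'
    for name, rest in re.findall(r"crypto ipsec transform-set (\S+) (.+)", cfg):
        toks = rest.split()
        if len(toks) == 3 and toks[1].isdigit():  # IOS key-length form
            toks = [toks[0] + "-" + toks[1], toks[2]]
        sets[name] = tuple(toks)
    return sets


def matching_pairs(local, remote):
    # Proposals both peers would accept, as (local_name, remote_name) pairs.
    return [(x, y) for x, s in local.items() for y, t in remote.items() if s == t]
```

An empty result from either call points at a real proposal mismatch; a non-empty result on both, as with the excerpts here, means the drop after a few seconds is not a Phase 1 or Phase 2 proposal problem and the peer addresses, crypto ACLs and keepalive settings are the next things to compare.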

2 Replies

aabdullah25

Hi

Since you have not given the full config, I think there is an issue with your peer IPs and also the crypto ACL (as per the logs).

From your ASA config, the set peer is 1.1.1.1, but from the log it shows as 11.11.11.11. Please check the crypto ACL also.

rgds

Here is a little more info than before...

As before, Phase 1 and Phase 2 work and data passes over the tunnel, but then it all just drops, and what I see in the log is what you have here in the above attachment.
