06-04-2008 08:00 AM - edited 02-21-2020 03:45 PM
Hi,
I'm trying to get an L2TP over IPsec VPN setup between a DrayTek router and a 5510 with the latest firmware.
I have attached the syslog output of the cisco and the current running configuration.
The following two lines are of interest and indicate some sort of error:
4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = x.x.x.x, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = x.x.x.x, All IPSec SA proposals found unacceptable!
Phase 1 completes successfully but negotiating phase 2 details fails.
It should be using AES and SHA.
Help would be much appreciated.
Regards
Gareth
06-04-2008 12:34 PM
I think on the ASA, L2TP can be configured using 'transport mode' only, so please use a transform-set that has 'mode transport'.
Secondly, why have you used the 'outside' keyword in the identity NAT? This is for destination NAT and does not represent the 'outside' interface/zone.
"nat (Test) 0 0.0.0.0 0.0.0.0 outside"
Regards
Farrukh
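An added example, not part of either post: a small Python triage over syslog lines in the pipe-delimited layout quoted in the question, pairing the "All IPSec SA proposals found unacceptable!" message with the 113019 "Phase 2 Mismatch" disconnect for each peer and group. The sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, same pipe-delimited layout as the lines quoted in the
# question; 192.0.2.x are documentation addresses, not real peers.
SAMPLE = """\
5|Jun 04 2008|16:18:34|713904|||Group = DefaultRAGroup, IP = 192.0.2.10, All IPSec SA proposals found unacceptable!
4|Jun 04 2008|16:18:34|113019|||Group = DefaultRAGroup, Username = , IP = 192.0.2.10, Session disconnected. Session Type: IKE, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
4|Jun 04 2008|16:20:01|113019|||Group = DefaultRAGroup, Username = , IP = 192.0.2.77, Session disconnected. Session Type: IKE, Duration: 0h:12m:09s, Bytes xmt: 5120, Bytes rcv: 4096, Reason: User Requested
"""

GROUP = re.compile(r"Group = ([^,]+)")
PEER = re.compile(r"IP = ([^,\s]+)")
REASON = re.compile(r"Reason: (.+)$")


def _pick(rx, text):
    """Return the first capture group of rx in text, or None if absent."""
    m = rx.search(text)
    return m.group(1).strip() if m else None


def parse(line):
    """Split one line into fields; return None if it does not fit the layout."""
    parts = line.strip().split("|", 6)
    if len(parts) != 7 or not (parts[0].isdigit() and parts[3].isdigit()):
        return None
    text = parts[6]
    return {"when": f"{parts[1]} {parts[2]}", "msg_id": parts[3], "text": text,
            "group": _pick(GROUP, text), "peer": _pick(PEER, text),
            "reason": _pick(REASON, text)}


def phase2_failures(lines):
    """Map (peer, group) -> details for sessions ended by a Phase 2 mismatch."""
    seen = defaultdict(lambda: {"proposal_rejected": False, "disconnects": []})
    for ev in filter(None, map(parse, lines)):
        key = (ev["peer"], ev["group"])
        if "All IPSec SA proposals found unacceptable" in ev["text"]:
            seen[key]["proposal_rejected"] = True
        elif ev["msg_id"] == "113019" and ev["reason"] == "Phase 2 Mismatch":
            seen[key]["disconnects"].append(ev["when"])
    # Report only peers that actually disconnected with the mismatch reason.
    return {k: v for k, v in seen.items() if v["disconnects"]}


if __name__ == "__main__":
    for (peer, group), info in phase2_failures(SAMPLE.splitlines()).items():
        print(peer, group, info)
```

A peer reported with `proposal_rejected` set points at the transform-set offered for that group, which is where the transport-mode suggestion above applies.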