09-17-2008 04:40 AM - edited 03-09-2019 09:29 PM
Hi, I've got a Cisco 877 and a NetScreen 5GT.
The NetScreen is configured as the hub with phase 1 pre-g2-3des-sha, and phase 2 set to nopfs-esp-3des-md5. How would I configure my transform sets on the Cisco 877? Can anyone help?
09-17-2008 09:21 AM
Hi Colin,
Phase 1:
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
Phase 2:
crypto ipsec transform-set MYTRANS esp-3des esp-md5-hmac
Cheers:
Istvan
09-26-2008 01:02 AM
It won't let me enter hash sha under crypto isakmp policy 10. Why is that?
09-26-2008 08:59 AM
Hi,
Probably your IOS image doesn't have this feature.
Try using "hash md5" and if it works, configure netscreen the same way.
Cheers:
Istvan
09-26-2008 10:42 AM
Hi,
SHA is the default hashing algorithm for ISAKMP policy and that is why you are probably not seeing it in the running configuration.
For example, I have SHA Configured under ISAKMP Policy 10 on my router but it does not show in the running configuration.
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
But, if I run the command "Show crypto ISAKMP Policy", I can see it in there.
R16-2821c#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 10
encryption algorithm: Three key triple DES
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Protection suite of priority 20
Regards,
Arul
** Please rate all helpful posts **
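Added example, not part of any post in this thread: because the running configuration omits the default hash, a check of the Cisco side against the NetScreen phase 1 proposal has to read the "show crypto isakmp policy" output instead. This Python sketch does that comparison; the function names, the assumed field order of the proposal name (auth-group-encryption-hash), the "Message Digest 5" wording and the priority 20 sample are assumptions made for illustration.

```python
# Wording of "show crypto isakmp policy" mapped to the tokens in the NetScreen
# proposal name. The "Message Digest 5" wording is an assumption, not from the page.
FIELDS = {
    "encryption algorithm": ("enc", {"triple des": "3des"}),
    "hash algorithm": ("hash", {"secure hash": "sha", "message digest 5": "md5"}),
    "authentication method": ("auth", {"pre-shared": "pre"}),
}

def parse_ios_policies(text):
    """Return {priority: {"auth", "group", "enc", "hash"}} from the show output."""
    policies, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Protection suite of priority "):
            current = policies.setdefault(int(line.split()[-1]), {})
        elif current is not None and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key in FIELDS:
                name, table = FIELDS[key]
                hits = [tok for frag, tok in table.items() if frag in value.lower()]
                current[name] = hits[0] if hits else "unknown:" + value
            elif key == "Diffie-Hellman group":
                current["group"] = "g" + value.lstrip("#").split()[0]  # "#2 (1024 bit)" -> "g2"
    return policies

def parse_netscreen_p1(name):
    """Split e.g. pre-g2-3des-sha into fields; the field order is an assumption."""
    auth, group, enc, hash_ = name.lower().split("-")
    return {"auth": auth, "group": group, "enc": enc, "hash": hash_}

def matching_priorities(show_output, proposal):
    """IOS policy priorities whose four parameters equal the NetScreen proposal."""
    want = parse_netscreen_p1(proposal)
    return [p for p, got in sorted(parse_ios_policies(show_output).items()) if got == want]

# Priority 10 is the output quoted in the post above; priority 20 is constructed.
SAMPLE = """\
Global IKE policy
Protection suite of priority 10
  encryption algorithm: Three key triple DES
  hash algorithm: Secure Hash Standard
  authentication method: Pre-Shared Key
  Diffie-Hellman group: #2 (1024 bit)
  lifetime: 86400 seconds, no volume limit
Protection suite of priority 20
  encryption algorithm: Three key triple DES
  hash algorithm: Message Digest 5
  authentication method: Pre-Shared Key
  Diffie-Hellman group: #2 (1024 bit)
"""
```

Calling matching_priorities(SAMPLE, "pre-g2-3des-sha") returns the priorities that agree with the hub on all four phase 1 parameters; an empty list means no policy on the router matches the proposal.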
10-01-2008 12:51 AM
Hi, I keep getting phase 2 no policy exists for proxy id received on the NetScreen, all phase 1 and 2 configured correctly. Has anyone got any experience programming NetScreen 5GT and Cisco 877 VPNs? Thanks