IPSEC no-xauth

Unanswered Question
Sep 30th, 2008

Hi Guys,

I have issues with renegotiating SA after loss of communication between IPSEC peers.

I am using preshared keys, but the "no-xauth" option is not present on both peers.

Is it possible that the missing "no-xauth" option could be the cause of the problem with the SAs?

IOS is 12.4(9)T7. I think this could be the problem, because of bug CSCsj52483 (although it says that it is fixed in 12.4(18.3)T):

************************

IPSEC: ISAKMP SA negotiation not successful with cryptomap configured

Symptom:

ISAKMP SA negotiation not successful with cryptomap configured

Conditions:

1. config crypto maps doing Xauth.

2. peer1's pre-shared key should be defined with no-xauth keyword and peer2 having a pre-shared key without the special tag.

3. peer1 initiates IKE and SAs should come up. Also parse thru the ike debugs and make sure XAUTH exchanges did not happen

At 3rd step IKE and SAs are not coming up when the session is initiated from peer1.

Workaround:

None

************************

Thanks in advance,

Mladen

p.s.: I couldn't find which IOS is "12.4(18.3)T"
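
Added example, not part of the original post and not Cisco's code: a small offline check that reads a saved running-config and lists site-to-site peers reached through a crypto map doing Xauth whose pre-shared key line lacks `no-xauth`, the combination named in the quoted bug conditions. The config fragments, map name, list name, key and addresses are constructed placeholders, and only `crypto isakmp key`, `crypto map ... client authentication list` and `set peer` lines are considered.

```python
import re

# Constructed running-config fragments (addresses, names and key are placeholders).
PEER1 = """crypto isakmp key EXAMPLEKEY address 192.0.2.2 no-xauth
crypto map VPN client authentication list USERAUTH
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.2
"""
PEER2 = """crypto isakmp key EXAMPLEKEY address 192.0.2.1
crypto map VPN client authentication list USERAUTH
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
"""

def parse_keys(config):
    """Map each pre-shared-key peer to True if its key line ends in no-xauth."""
    keys = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["crypto", "isakmp", "key"]:
            continue
        for kw in ("address", "hostname"):
            if kw in tok[3:-1]:
                keys[tok[tok.index(kw, 3) + 1]] = tok[-1] == "no-xauth"
    return keys

def map_peers(config):
    """Map each crypto map name to the peers in its 'set peer' lines."""
    peers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line)
        if m:
            current = m.group(1)
        elif current and line.startswith(" set peer "):
            peers.setdefault(current, []).append(line.split()[2])
        elif not line.startswith(" "):
            current = None
    return peers

def audit(config):
    """Return (map, peer) pairs where the map does Xauth and the peer's key lacks no-xauth."""
    xauth = set(re.findall(r"^crypto map (\S+) client authentication list \S+", config, re.M))
    keys, maps = parse_keys(config), map_peers(config)
    return [(name, peer) for name in sorted(xauth)
            for peer in maps.get(name, []) if keys.get(peer) is False]

if __name__ == "__main__":
    for label, cfg in (("peer1", PEER1), ("peer2", PEER2)):
        print(label, audit(cfg) or "no Xauth/no-xauth mismatch found")
```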
