Hi Guys,
I have issues with renegotiating SA after loss of communication between IPSEC peers.
I am using preshared keys, but the "no-xauth" option is not present on both peers.
Is it possible that the missing "no-xauth" option could be the cause of the problem with the SAs?
IOS is 12.4(9)T7. I think this could be the problem, because of bug CSCsj52483 (although it says that it is fixed in 12.4(18.3)T):
************************
IPSEC: ISAKMP SA negotiation not successful with cryptomap configured
Symptom:
ISAKMP SA negotiation not successful with cryptomap configured
Conditions:
1. config crypto maps doing Xauth.
2. peer1's pre-shared key should be defined with no-xauth keyword
and peer2 having a pre-shared key without the special tag.
3. peer1 initiates IKE and SAs should come up. Also
parse thru the ike debugs and make sure XAUTH exchanges did not happen
At 3rd step IKE and SAs are not coming up when initiating the session from peer1.
Workaround:
None
************************
Thanks in advance,
Mladen
p.s.: I couldn't find which IOS is "12.4(18.3)T"