I'm trying to set up IPSec with HSRP but I'm having some problems.
I have a single router TEST_R3 acting as a client on an unknown IP address.
I have 2 routers, TEST_R0 and TEST_R1, acting as end points, both configured with an HSRP group called REDUNDANT2.
TEST_R1 is the active router (TEST_R0 is actually switched off). The standby IP is 10.2.1.254.
The client, TEST_R3, is configured to peer with the HSRP IP address.
When TEST_R3 attempts connectivity I receive the following error on TEST_R1:
*Mar 1 01:04:38.451: map_db_find_best did not find matching map
*Mar 1 01:04:38.455: IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address 10.2.1.254
*Mar 1 01:04:38.467: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 18.104.22.168
It says something about invalid transform sets, yet I assure you there are valid matching sets configured on each end. So I suppose my question is, what is this error trying to tell me?
I've attached relevant config for each device.