unable to allocate ike sa

Unanswered Question
Mar 24th, 2009

cat 6500 with IPSec VPN module. VTI is configured, but debugs show that it is unable to allocate ike sa.

Have changed the key, removed the keyring and just used a global type isakmp key. no change.

crypto engine mode vrf

crypto keyring key1

  pre-shared-key address 1.1.1.1 key <key>

crypto isakmp policy 1

  encr aes

  hash sha

  authentication pre-share

crypto isakmp profile isa_prof

  keyring key1

  match identity address 1.1.1.1 255.255.255.255

crypto ipsec transform-set proposal esp-aes esp-sha-hmac

crypto ipsec profile vpnprof

 set transform-set proposal

 set isakmp-profile isa_prof

int Tunnel0

 ip vrf forwarding inside

 ip addr 10.10.10.0 255.255.255.254

 ip summary-address 3 10.0.0.0 255.0.0.0 255

 tunnel source Loopback1

 tunnel destination 1.1.1.1

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile vpnprof

 crypto engine slot 3/0 inside

int Loopback1

 ip addr 2.2.2.2 255.255.255.255

 crypto engine slot 3/0 outside

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bwilmoth Tue, 03/31/2009 - 08:02

Do you have IOS version of 12.2.18SXF? If not then I'd give that a try.

Actions

This Discussion