unable to allocate ike sa

Unanswered Question
Mar 24th, 2009
User Badges:

cat 6500 with IPSec VPN module. VTI is configured, but debugs show that it is unable to allocate ike sa.

Have changed the key, removed the keyring and just used a global type isakmp key. no change.


crypto engine mode vrf


crypto keyring key1

  pre-shared-key address 1.1.1.1 key <key>


crypto isakmp policy 1

  encr aes

  hash sha

  authentication pre-share


crypto isakmp profile isa_prof

  keyring key1

  match identity address 1.1.1.1 255.255.255.255

crypto ipsec transform-set proposal esp-aes esp-sha-hmac


crypto ipsec profile vpnprof

 set transform-set proposal

 set isakmp-profile isa_prof



int Tunnel0

 ip vrf forwarding inside

 ip addr 10.10.10.0 255.255.255.254

 ip summary-address 3 10.0.0.0 255.0.0.0 255

 tunnel source Loopback1

 tunnel destination 1.1.1.1

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile vpnprof

 crypto engine slot 3/0 inside


int Loopback1

 ip addr 2.2.2.2 255.255.255.255

 crypto engine slot 3/0 outside


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bwilmoth Tue, 03/31/2009 - 08:02
User Badges:
  • Silver, 250 points or more

Do you have IOS version of 12.2.18SXF? If not then I'd give that a try.

Actions

This Discussion