unable to allocate ike sa

Unanswered Question
Mar 24th, 2009
User Badges:

cat 6500 with IPSec VPN module. VTI is configured, but debugs show that it is unable to allocate ike sa.

Have changed the key, removed the keyring and just used a global type isakmp key. no change.

crypto engine mode vrf

crypto keyring key1

  pre-shared-key address key <key>

crypto isakmp policy 1

  encr aes

  hash sha

  authentication pre-share

crypto isakmp profile isa_prof

  keyring key1

  match identity address

crypto ipsec transform-set proposal esp-aes esp-sha-hmac

crypto ipsec profile vpnprof

 set transform-set proposal

 set isakmp-profile isa_prof

int Tunnel0

 ip vrf forwarding inside

 ip addr

 ip summary-address 3 255

 tunnel source Loopback1

 tunnel destination

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile vpnprof

 crypto engine slot 3/0 inside

int Loopback1

 ip addr

 crypto engine slot 3/0 outside

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Tue, 03/31/2009 - 08:02
User Badges:
  • Silver, 250 points or more

Do you have IOS version of 12.2.18SXF? If not then I'd give that a try.


This Discussion