Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
1
Replies

unable to allocate ike sa

techmaster
Level 1
Level 1

‎03-24-2009 01:40 PM

cat 6500 with IPSec VPN module. VTI is configured, but debugs show that it is unable to allocate ike sa.

Have changed the key, removed the keyring and just used a global type isakmp key. no change.

crypto engine mode vrf

crypto keyring key1

  pre-shared-key address 1.1.1.1 key <key>

crypto isakmp policy 1

  encr aes

  hash sha

  authentication pre-share

crypto isakmp profile isa_prof

  keyring key1

  match identity address 1.1.1.1 255.255.255.255

crypto ipsec transform-set proposal esp-aes esp-sha-hmac

crypto ipsec profile vpnprof

 set transform-set proposal

 set isakmp-profile isa_prof

int Tunnel0

 ip vrf forwarding inside

 ip addr 10.10.10.0 255.255.255.254

 ip summary-address 3 10.0.0.0 255.0.0.0 255

 tunnel source Loopback1

 tunnel destination 1.1.1.1

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile vpnprof

 crypto engine slot 3/0 inside

int Loopback1

 ip addr 2.2.2.2 255.255.255.255

 crypto engine slot 3/0 outside

Labels:
0 Helpful
1 Reply 1

bwilmoth
Level 5
Level 5

‎03-31-2009 08:02 AM

Do you have IOS version of 12.2.18SXF? If not then I'd give that a try.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents