
Remote vpn error

mcoroghidaf
Level 1

I have these errors while doing remote VPN to my network:

Aug 06 12:18:59 [IKEv1]: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 1 Cfg'd: Group 2

Attempt to get Phase 1 ID data failed while constructing ID

1 Reply

mcoroghidaf
Level 1

Attached is the configuration:

Thanks for the response. I have checked and checked and I seem not to be sighting the error. Below is my config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-3des-md5 esp-aes esp-sha-hmac

crypto ipsec transform-set certvpn esp-aes esp-sha-hmac

crypto ipsec transform-set cert esp-3des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-AES-128-SHA certvpn

crypto dynamic-map Outside_dyn_map 20 set security-association lifetime seconds 28800

crypto dynamic-map Outside_dyn_map 20 set security-association lifetime kilobytes 4608000

crypto dynamic-map Outside_dyn_map 21 set transform-set certvpn

crypto dynamic-map Outside_dyn_map 21 set security-association lifetime seconds 28800

crypto dynamic-map Outside_dyn_map 21 set security-association lifetime kilobytes 4608000

crypto dynamic-map Outside_dyn_map 31 set transform-set cert ESP-3DES-SHA ESP-3des-md5 certvpn

crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA

crypto dynamic-map Outside_dyn_map 40 set security-association lifetime seconds 28800

crypto dynamic-map Outside_dyn_map 40 set security-association lifetime kilobytes 4608000

crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface Outside

crypto ca trustpoint major

enrollment url http://major:80/certsrv/mscep/mscep.dll

subject-name CN=bng-asa.wcsa.com,OU=ict,O=wcsa lng,C=ng,St=la,L=hq

serial-number

keypair dmzca

crl configure

crypto ca certificate chain major

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 1000

authentication rsa-sig

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 1100

authentication rsa-sig

encryption aes

hash md5

group 1

lifetime 86400

crypto isakmp policy 65530

authentication rsa-sig

encryption aes

hash sha

group 5

lifetime 86400

crypto isakmp policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp ipsec-over-tcp port 10000

group-policy defaultgroup internal

group-policy Defaultgroup internal

group-policy Defaultgroup attributes

default-domain value wcsa.com

group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

dns-server value 10.13.200.113

address-pools value Certvpnip

tunnel-group DefaultRAGroup general-attributes

address-pool Certvpnip

address-pool certvpnip

authentication-server-group ACS LOCAL

tunnel-group DefaultRAGroup ipsec-attributes

trust-point major

tunnel-group wcsa_Remote type remote-access

tunnel-group wcsa_Remote general-attributes

address-pool wcsaVPN

authentication-server-group ACS

accounting-server-group ACS

default-group-policy wcsa_Remote

tunnel-group wcsa_Remote ipsec-attributes

pre-shared-key *

tunnel-group defaultgroup type remote-access

tunnel-group defaultgroup general-attributes

address-pool Certvpnip

tunnel-group defaultgroup ipsec-attributes

trust-point major

Please note that we have two tunnels and one is working perfectly, except for the CA one!
