VPN Phase 2 Failing

Answered Question
Apr 13th, 2010

Hi


I am trying to set up a new VPN connection between Site A and Site B.


It passes phase one but throws up an error at phase two. I will attach the error message.


Site A's firewall currently has another VPN on it working away fine so I suspect the problem lies on Site B's config.


Thanks in advance

Overall Rating: 5 (1 ratings)
Correct Answer
Jennifer Halim Tue, 04/13/2010 - 06:39
User Badges: Cisco Employee

PFS is not matching.


Site A: you have "crypto map outside_map 2 set pfs group1"

Site B: you have "crypto map outside_map 4 set pfs" ---> which defaults to pfs group 2


Change either one to match each other.


Hope that resolves the issue.
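
An added example, not part of the original thread and not Cisco tooling: a Python check that pulls the `set peer` and `set pfs` lines for one tunnel out of both sites' configs and compares the PFS groups, since the map sequence numbers (2 and 4 here) differ per site. The peer addresses and sample configs are constructed, and the default of group 2 for a bare `set pfs` is an assumption taken from the answer above.

```python
import re

# Assumption from the answer above: a bare "set pfs" means DH group 2.
DEFAULT_PFS_GROUP = 2

LINE = re.compile(r"^crypto map (\S+) (\d+) set (peer|pfs)(?: (\S+))?\s*$")

def parse_crypto_maps(config):
    """Return {(map_name, seq): {"peer": str|None, "pfs": int|None}}."""
    entries = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        name, seq, key, value = m.groups()
        entry = entries.setdefault((name, int(seq)), {"peer": None, "pfs": None})
        if key == "peer":
            entry["peer"] = value
        else:
            # "set pfs group1" -> 1; "set pfs" with no group -> default
            entry["pfs"] = int(value[len("group"):]) if value else DEFAULT_PFS_GROUP
    return entries

def pfs_for_peer(config, peer_ip):
    """PFS group of the entry pointing at peer_ip (None means PFS is off)."""
    for entry in parse_crypto_maps(config).values():
        if entry["peer"] == peer_ip:
            return entry["pfs"]
    raise LookupError(f"no crypto map entry for peer {peer_ip}")

def check_pfs(config_a, ip_a, config_b, ip_b):
    """Return (matches, group_on_a, group_on_b) for the A<->B tunnel."""
    a = pfs_for_peer(config_a, ip_b)  # A's entry is the one that peers with B
    b = pfs_for_peer(config_b, ip_a)  # B's entry is the one that peers with A
    return a == b, a, b

# Constructed sample configs; addresses are from documentation ranges.
SITE_A = """\
crypto map outside_map 1 set peer 203.0.113.9
crypto map outside_map 1 set pfs
crypto map outside_map 2 set peer 198.51.100.20
crypto map outside_map 2 set pfs group1
"""
SITE_B = """\
crypto map outside_map 4 set peer 192.0.2.10
crypto map outside_map 4 set pfs
"""
```

Calling `check_pfs(SITE_A, "192.0.2.10", SITE_B, "198.51.100.20")` on these samples reports the mismatch as group 1 on Site A against group 2 on Site B.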
