10-17-2006 01:44 PM - edited 02-21-2020 02:40 PM
We are are having some problems getting the tunnel to completely come up. It seems the IKE or Phase 1 completes and then Phase 2 won't complete. I am getting a message about INVALID_ID_INFO and the the process ends and restarts. I have attached the log file. Any help here would be greatly appreciated.
Scott
Solved! Go to Solution.
10-20-2006 03:36 PM
The message points to a crypto map problem. Make sure the peer specified on the Cisco points to the tunnel termination point at the Nortel side. Also make sure that the transform set matches along the local and remote proxy identities (ACL).
10-20-2006 03:36 PM
The message points to a crypto map problem. Make sure the peer specified on the Cisco points to the tunnel termination point at the Nortel side. Also make sure that the transform set matches along the local and remote proxy identities (ACL).
10-21-2006 05:50 AM
I don't manage the Contivity and can only go by what the analyst on the other end is telling me. We have gone over the ipsec config over and over and everything seems to match. We just can't seem to pinpoint where the difference is. We are narrowing traffic down to 4 hosts on our end and 2 hosts on their end.
10-23-2006 08:34 PM
Scott,
Can you make sure that you have configured "isakmp identity address" on the ASA.
Let me know if it helps.
Regards,
Arul
10-24-2006 08:18 AM
Arul, I do believe that did it..
Thanks Scott.
10-24-2006 10:23 AM
Scott,
Thanks for the update! Glad that everything is working.
If you dont mind, when you get a chance could you update the Forum that the answer provided resolved your issue, so others can benefit from similar issues.
Thanks!
Arul
10-24-2006 12:07 PM
I did and again thanks for the help.
Scott
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: