Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

config site-site vpn between cisco router and watchguard firebox700

i need to config ipsec site-site vpn betweent cisco 3745 router and watchguard firebox700.after configuration, i check the phaseI between 3745 and firebox700 already setting up,C3745 gives log below:

Feb 25 2007 08:25:29: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 220.*.*.175

Feb 25 2007 08:26:19: IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) INBOUND local= 172.16.1.12, remote= 220.200.1.175,

local_proxy= 172.16.251.1/255.255.255.255/0/0 (type=1),

remote_proxy= 172.16.251.98/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-3des esp-sha-hmac (unknown),

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0

Feb 25 2007 08:26:19: IPSEC(validate_transform_proposal): transform proposal not supported for identity:

{esp-3des esp-sha-hmac }

pls help me solve this problem,my ios version is c3745-advipservicesk9-mz.123-14.T7.bin Firebox running version 7.3

2 REPLIES
New Member

Re: config site-site vpn between cisco router and watchguard fir

New Member

Re: config site-site vpn between cisco router and watchguard fir

yeah,i have checked ,both side in ipsec phaseII use esp-3des esp-sha-hmac .i think the key point is here "protocol= ESP, transform= esp-3des esp-sha-hmac (unknown)".i use "show crypto isakmp sa " command in C3745,it shows below

172.16.1.12 220.200.1.175 QM_IDLE 623 0 ACTIVE

598
Views
0
Helpful
2
Replies