02-24-2007 05:07 PM - edited 03-11-2019 02:38 AM
i need to config ipsec site-site vpn betweent cisco 3745 router and watchguard firebox700.after configuration, i check the phaseI between 3745 and firebox700 already setting up,C3745 gives log below:
Feb 25 2007 08:25:29: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 220.*.*.175
Feb 25 2007 08:26:19: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 172.16.1.12, remote= 220.200.1.175,
local_proxy= 172.16.251.1/255.255.255.255/0/0 (type=1),
remote_proxy= 172.16.251.98/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac (unknown),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Feb 25 2007 08:26:19: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
{esp-3des esp-sha-hmac }
pls help me solve this problem,my ios version is c3745-advipservicesk9-mz.123-14.T7.bin Firebox running version 7.3
02-25-2007 01:26 AM
Have you check the parameters os the phase II ?
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#tform_not
02-25-2007 04:55 PM
yeah,i have checked ,both side in ipsec phaseII use esp-3des esp-sha-hmac .i think the key point is here "protocol= ESP, transform= esp-3des esp-sha-hmac (unknown)".i use "show crypto isakmp sa " command in C3745,it shows below
172.16.1.12 220.200.1.175 QM_IDLE 623 0 ACTIVE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide