Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Pix 501 VPN question

Hi

I have two pix 502 firewalls with an IPSEC L2L tunnel between them. The L2L tunnel establishes and is working fine. I added the dynamic VPN for road warriors to connect in but I get the following error

IPSEC(validate_transform_proposal): invalid local address 89.19.83.212

IPSEC(validate_proposal): transform proposal (prot 3, trans 3, hmac_alg 2) not s

upported

Anyone got any ideas

john

3 REPLIES

Re: Pix 501 VPN question

Hi John

Please attach your config

Regards

Community Member

Re: Pix 501 VPN question

config attached as requested

Re: Pix 501 VPN question

Try this

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-sha

clear config crypto dynamic-map outside_dyn_map 20

crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 10 match address outside_cryptomap_dyn_20

isakmp policy 10 authentication pre-share isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

run clear xlate to reset current translations (internet and connections will be down for a second) then try again.

136
Views
0
Helpful
3
Replies
CreatePlease to create content