What's up with this? Pre-shared problem.

m.matteson
Level 2

The debug below says the pre-shared keys don't match. I believe they do. My group is vpnuser and key is cisco123 on the VPN client, and on the router they are also the same. Suggestions?

2d09h: ISAKMP (0:9): Checking ISAKMP transform 8 against priority 100 policy

2d09h: ISAKMP: encryption AES-CBC

2d09h: ISAKMP: hash MD5

2d09h: ISAKMP: default group 2

2d09h: ISAKMP: auth pre-share

2d09h: ISAKMP: life type in seconds

2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

2d09h: ISAKMP: keylength of 128

2d09h: ISAKMP (0:9): Encryption algorithm offered does not match policy!

2d09h: ISAKMP (0:9): atts are not acceptable. Next payload is 3

2d09h: ISAKMP (0:9): Checking ISAKMP transform 9 against priority 100 policy

2d09h: ISAKMP: encryption 3DES-CBC

2d09h: ISAKMP: hash SHA

2d09h: ISAKMP: default group 2

2d09h: ISAKMP: auth XAUTHInitPreShared

2d09h: ISAKMP: life type in seconds

2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

2d09h: ISAKMP (0:9): Hash algorithm offered does not match policy!

2d09h: ISAKMP (0:9): atts are not acceptable. Next payload is 3

2d09h: ISAKMP (0:9): Checking ISAKMP transform 10 against priority 100 policy

2d09h: ISAKMP: encryption 3DES-CBC

2d09h: ISAKMP: hash MD5

2d09h: ISAKMP: default group 2

2d09h: ISAKMP: auth XAUTHInitPreShared

2d09h: ISAKMP: life type in seconds

2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

2d09h: ISAKMP (0:9): Xauth authentication by pre-shared key offered but does not match policy!

Thanks, Mike

3 Replies

thisisshanky
Level 11

Can you post your configs at either end?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

crypto isakmp policy 100

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp client configuration group vpnuser

key cisco123

dns 192.168.100.10

wins 192.168.100.11

domain mycorp.corp

pool vpnpool

!

!

crypto ipsec transform-set vpnuser ah-sha-hmac esp-3des

!

!

!

!

crypto dynamic-map vpnuser 75

description Dynamic crypto map for vpn users

set transform-set vpnuser

!

!

crypto map mymap client configuration address respond

crypto map mymap 120 ipsec-isakmp dynamic vpnuser

!

ip local pool vpnpool 192.168.100.50 192.168.100.100
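
An added example, not part of the thread or of any poster's message: a small Python parser that groups the ISAKMP debug lines by transform and compares each client offer with the posted `crypto isakmp policy 100`. The helper names and the mapping from config keywords (`encr 3des`, `hash md5`) to the debug labels (`3DES-CBC`, `MD5`) are assumptions of this example; the sample is an excerpt of the debug output above.

```python
import re

# Assumed mapping of the posted "crypto isakmp policy 100" to debug labels.
POLICY = {"encryption": "3DES-CBC", "hash": "MD5", "group": "2", "auth": "pre-share"}

# Excerpt of the debug output from the thread (transforms 9 and 10).
DEBUG = """\
2d09h: ISAKMP (0:9): Checking ISAKMP transform 9 against priority 100 policy
2d09h: ISAKMP: encryption 3DES-CBC
2d09h: ISAKMP: hash SHA
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth XAUTHInitPreShared
2d09h: ISAKMP (0:9): Hash algorithm offered does not match policy!
2d09h: ISAKMP (0:9): Checking ISAKMP transform 10 against priority 100 policy
2d09h: ISAKMP: encryption 3DES-CBC
2d09h: ISAKMP: hash MD5
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth XAUTHInitPreShared
2d09h: ISAKMP (0:9): Xauth authentication by pre-shared key offered but does not match policy!
"""

START = re.compile(r"Checking ISAKMP transform (\d+) against priority (\d+) policy")
ATTR = re.compile(r"ISAKMP:\s+(encryption|hash|default group|auth)\s+(\S+)")
REJECT = re.compile(r"ISAKMP \([\d:]+\): (.+does not match policy!)")

def parse_transforms(text):
    """Group debug lines into one dict per offered transform."""
    transforms, cur = [], None
    for line in text.splitlines():
        if m := START.search(line):
            cur = {"id": int(m.group(1)), "offer": {}, "reason": None}
            transforms.append(cur)
        elif cur and (m := ATTR.search(line)):
            cur["offer"][m.group(1).replace("default ", "")] = m.group(2)
        elif cur and (m := REJECT.search(line)):
            cur["reason"] = m.group(1)
    return transforms

def mismatches(offer, policy=POLICY):
    """Attributes where the client's offer differs from the router policy."""
    return sorted(k for k, v in policy.items() if offer.get(k) != v)

def report(text):
    """Map transform id -> (differing attributes, rejection line logged)."""
    return {t["id"]: (mismatches(t["offer"]), t["reason"]) for t in parse_transforms(text)}

if __name__ == "__main__":
    for tid, (diff, reason) in report(DEBUG).items():
        print(f"transform {tid}: differs in {diff}; router said: {reason}")
```

In this excerpt the router logs one failing attribute per transform: the comparison shows transform 9 differing in both hash and authentication method, and transform 10 only in authentication method (`XAUTHInitPreShared` offered against `pre-share` in the policy).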

frejac
Level 1

.