Cisco Support Community
Community Member

whats up with this? pre-shared problem.

The debug below says the pre-shared keys don't match. I believe they do. My group is vpnuser and key is cisco123 on the VPN client, and on the router they are also the same. Suggestions?

2d09h: ISAKMP (0:9): Checking ISAKMP transform 8 against priority 100 policy

2d09h: ISAKMP: encryption AES-CBC

2d09h: ISAKMP: hash MD5

2d09h: ISAKMP: default group 2

2d09h: ISAKMP: auth pre-share

2d09h: ISAKMP: life type in seconds

2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

2d09h: ISAKMP: keylength of 128

2d09h: ISAKMP (0:9): Encryption algorithm offered does not match policy!

2d09h: ISAKMP (0:9): atts are not acceptable. Next payload is 3

2d09h: ISAKMP (0:9): Checking ISAKMP transform 9 against priority 100 policy

2d09h: ISAKMP: encryption 3DES-CBC

2d09h: ISAKMP: hash SHA

2d09h: ISAKMP: default group 2

2d09h: ISAKMP: auth XAUTHInitPreShared

2d09h: ISAKMP: life type in seconds

2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

2d09h: ISAKMP (0:9): Hash algorithm offered does not match policy!

2d09h: ISAKMP (0:9): atts are not acceptable. Next payload is 3

2d09h: ISAKMP (0:9): Checking ISAKMP transform 10 against priority 100 policy

2d09h: ISAKMP: encryption 3DES-CBC

2d09h: ISAKMP: hash MD5

2d09h: ISAKMP: default group 2

2d09h: ISAKMP: auth XAUTHInitPreShared

2d09h: ISAKMP: life type in seconds

2d09h: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

2d09h: ISAKMP (0:9): Xauth authentication by pre-shared key offered but does not match policy!

thanks-mike

3 REPLIES

Re: whats up with this? pre-shared problem.

Can you post your configs at either end?

Community Member

Re: whats up with this? pre-shared problem.

crypto isakmp policy 100

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp client configuration group vpnuser

key cisco123

dns 192.168.100.10

wins 192.168.100.11

domain mycorp.corp

pool vpnpool

!

!

crypto ipsec transform-set vpnuser ah-sha-hmac esp-3des

!

!

!

!

crypto dynamic-map vpnuser 75

description Dynamic crypto map for vpn users

set transform-set vpnuser

!

!

crypto map mymap client configuration address respond

crypto map mymap 120 ipsec-isakmp dynamic vpnuser

!

ip local pool vpnpool 192.168.100.50 192.168.100.100

Community Member

Re: whats up with this? pre-shared problem.

.
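Added example, not part of any post in this thread: a short Python script that lines up each transform offered in the debug output against the posted `crypto isakmp policy 100` and lists which attributes differ. The keyword mapping, the value normalisation and the function names are assumptions of this example.

```python
import re
# Policy and debug lines copied from the thread; lifetime and keylength lines omitted.
POLICY = """\
crypto isakmp policy 100
 encr 3des
 hash md5
 authentication pre-share
 group 2
"""
DEBUG = """\
2d09h: ISAKMP (0:9): Checking ISAKMP transform 8 against priority 100 policy
2d09h: ISAKMP: encryption AES-CBC
2d09h: ISAKMP: hash MD5
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth pre-share
2d09h: ISAKMP (0:9): Checking ISAKMP transform 9 against priority 100 policy
2d09h: ISAKMP: encryption 3DES-CBC
2d09h: ISAKMP: hash SHA
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth XAUTHInitPreShared
2d09h: ISAKMP (0:9): Checking ISAKMP transform 10 against priority 100 policy
2d09h: ISAKMP: encryption 3DES-CBC
2d09h: ISAKMP: hash MD5
2d09h: ISAKMP: default group 2
2d09h: ISAKMP: auth XAUTHInitPreShared
"""
# Config keyword -> attribute name in the debug output (mapping assumed for this example).
CFG_KEYS = {"encr": "encryption", "hash": "hash", "authentication": "auth", "group": "group"}
ATTR = re.compile(r"ISAKMP: (?:default )?(encryption|hash|group|auth) (\S+)")

def norm(value):  # 3DES-CBC -> 3des, MD5 -> md5, so both sides compare equal
    return value.lower().removesuffix("-cbc")

def parse_policy(text):
    pairs = (line.split() for line in text.splitlines())
    return {CFG_KEYS[p[0]]: norm(p[1]) for p in pairs if p and p[0] in CFG_KEYS}

def parse_offers(text):
    offers, cur = {}, None
    for line in text.splitlines():
        if m := re.search(r"Checking ISAKMP transform (\d+)", line):
            cur = offers.setdefault(int(m.group(1)), {})
        elif cur is not None and (m := ATTR.search(line)):
            cur[m.group(1)] = norm(m.group(2))
    return offers

def mismatches(policy, offers):  # per transform: {attribute: (offered, configured)}
    return {n: {k: (v, policy.get(k)) for k, v in o.items() if policy.get(k) != v}
            for n, o in offers.items()}
```

Calling `mismatches(parse_policy(POLICY), parse_offers(DEBUG))` on these lines reports that transform 8 differs only in encryption, transform 9 in hash and auth, and transform 10 only in auth (XAUTHInitPreShared offered, pre-share configured), which is the attribute named in the last debug line.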
