--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
I've configured about 20 of these using DSL ISP's on the remote side with a 3002. In house we have a VPN 3005 where the tunnels terminate. I configure this using Network extension mode (PAT disabled). That is how this and all others are configured. However, I can't get this particular 3002 to connect. It looks like it starts IKE negotiation at least. I get this strange error message:
The remote side is using a speedstream router and AT&T business DSL. Nothing is supposed to be blocked and all filters are turned off on the DSL router for now. I don't understand why this is not connected. Please help!
Other relevent messages:
(From the 3005)
IKE SA Proposal # 1, Transform # 2 acceptable
Matches global IKE entry # 2 Proposal (CiscoVPNClient-3DES-MD5)
The first suggestion I would give is to take away the speedstream router and AT&T business DSL as the possible cause and try from one of the other sites which work fine. Additionally if you can go ahead and try to get the 3002 connect to the same group as the rest of these. The message:
is just an informational message and doesn't tell us exactly whats wrong. Kindly make sure that the issue is not with the upstream router and then collect the details logs to send to TAC and troubleshoot the issue with them.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :