12-02-2002 08:20 AM - edited 02-21-2020 12:12 PM
I am trying to get one of these 3Com boxes to create a SA with a PIX, using DES (may go to 3-DES if I can get this bit working), but get the message in debug - IPSEC(validate_proposal): invalid local address a.b.c.d - where a.b.c.d is the outside address of the PIX.
I am not sure if the transform set is correct, as the 3Com has almost no useful information with it. I think I have tried all the combinations, but still draw a blank.
Any help gratefully received.
12-02-2002 12:25 PM
Invalid local address usually means that the crypto map isnt applied to the interface. Look for "crypto map mymap interface outside" for example. Post your pix config and debugs if you can. But i've seen the same error when its configured correctly, which usually a reload of the pix, after you do a wr mem of course, will solve that issue.
Kurtis Durrett
12-09-2002 03:16 AM
Kurtis,
Apologies for not replying earlier. You were quite correct, when I cut and pasted the config from another customer's, I managed to omit the line that applies the cryto map, but couldn't see this when I checked the config.
Thanks for the help.
Iain
12-02-2002 01:11 PM
Hi,
Please make sure that your crypto ACLs on the router, and local/remote proxy IDs on the 3COM are symmetrical.
Thanks,
Afaq
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: