05-30-2007 09:19 AM - edited 02-21-2020 01:32 AM
Hi all,
I am facing a problem trying to establish a tunnel with one of our suppliers.
Their side is terminated on an IOS router, currently unknown type and version (should be 12.2 - 12.4); my side is an ASA 7.2(2). Configurations are attached (at least the snippet of the IOS config I was sent).
Apparently Phase 1 completes correctly but P2 fails with "Received non-routine Notify message: No proposal chosen (14)". I also attach debug from the ASA with "debug crypto isakmp 129" and "debug crypto ipsec 129".
I double checked transform sets and IKE policies.
BTW I never had to use static NAT AND IPSec as here (I was asked to do so by the other side). Is that configuration really feasible?
Many thanks in advance...
Ivano
06-05-2007 04:51 PM
I think you will need to remove the private IP address from the match address and leave the NATted ones only. The following links may help you:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
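A sketch of what the reply above suggests, as an added example that is not configuration from either poster or from the attached files. It assumes ASA 7.x (pre-8.3) NAT syntax; every ACL name, crypto map name and address is a constructed placeholder.

```cisco
! Constructed example for ASA 7.x (pre-8.3 NAT syntax). All names and addresses
! are placeholders, not values from the thread:
!   10.1.1.0/24      real (private) local LAN behind the ASA
!   192.168.100.0/24 translated range the peer expects to see
!   172.16.50.0/24   remote LAN behind the IOS router
!
! Policy static NAT: translate the local LAN only for traffic to the remote LAN.
access-list POLICY-NAT extended permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0
static (inside,outside) 192.168.100.0 access-list POLICY-NAT
!
! Crypto ACL: NAT is applied before the crypto map is evaluated, so the
! interesting-traffic ACL lists the translated source only.
access-list CRYPTO-VPN extended permit ip 192.168.100.0 255.255.255.0 172.16.50.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-VPN
!
! An entry like the following would put the private range in the proposal:
!   access-list CRYPTO-VPN extended permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0
!
! Mirror-image ACL on the IOS peer (wildcard masks):
!   access-list 110 permit ip 172.16.50.0 0.0.0.255 192.168.100.0 0.0.0.255
```

With this layout, `show crypto ipsec sa` on the ASA should list the translated range as the local ident, which is what the peer's mirror-image ACL has to match.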