Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Converting crypto map to unnumbered VTI

I'm trying to convert a crypto map VPN to a ip unnumbered VTI. The crypto map has been working for months. The VTI... no so much. Here are the applicable config entries.

### original config


crypto isakmp policy 30

encr 3des

authentication pre-share

group 2


crypto isakmp key xxxxxxxx address


crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac


crypto map CRYPTO 50 ipsec-isakmp

set peer

set transform-set 3DES-SHA

set pfs group2

match address VPN1


ip access-list extended VPN1

permit ip host host

permit ip host host

I only removed the crypto map and added the following.

### New Config

crypto ipsec profile V1

set security-association lifetime seconds 28800

set transform-set 3DES-SHA

set pfs group2


interface Tunnel0

ip unnumbered FastEthernet0/0

ip nat outside

ip virtual-reassembly

tunnel source

tunnel destination

tunnel mode ipsec ipv4

tunnel protection ipsec profile V1

I keep getting this ISAKMP error now.

ISAKMP:(0:54:HW:2):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE (peer

Any help would be greatly appreciated. Also... I have no idea what is running on the other end (it's a partner network), but I suspect it's a crypto map on IOS.

Thank you!

  • Other Security Subjects
This widget could not be displayed.