Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Debug L2L VPN between Pix and IOS

Hi, I am having problem with a L2L VPN between a Pix 515e running Ver 7.0(2) and a Cisco IOS Router at my supplier's site.

I think it's failing at Phase 1, I've checked the preshare key and Isakmp proposal to make sure they match.

I did a debug and the only obvious errors I picked up are "Notify Type: NO_PROPOSAL_CHOSEN" and "IKE QM Initiator FSM error history"

I've attached the debug output from my Pix.

Can anyone help?

Thanks alot in advance

7 REPLIES
Gold

Re: Debug L2L VPN between Pix and IOS

it would be better if you can post both configs

New Member

Re: Debug L2L VPN between Pix and IOS

Hi,

I've attached the relevant configs from both ends.

Thanks

Gold

Re: Debug L2L VPN between Pix and IOS

from the ios config, "set transform-set triple-md5" refers to triple-md5. however, i can't see the transform set being created.

e.g. it should look like:

crypto ipsec transform-set triple-md5 esp-3des esp-md5-hmac

New Member

Re: Debug L2L VPN between Pix and IOS

Hi Jackko,

Our supplier have just confirmed the config you stated is in the IOS config, they simply didn't include it when they send though the relevant config of their router.

Any other suggestions?

Thanks,

Nelson

Gold

Re: Debug L2L VPN between Pix and IOS

with the ios config, under crypto isakmp profile, the keyring statement is missing.

according to the posted config:

crypto keyring fcs

pre-shared-key address 201.100.146.58 key *

crypto isakmp profile fcs

match identity address 201.100.146.58 255.255.255.255

***Missing*** keyring fcs

New Member

Re: Debug L2L VPN between Pix and IOS

Hi Jackko,

It seems the keyring was in the config as well. I've attached the new iso config for your reference.

Nelson

New Member

Re: Debug L2L VPN between Pix and IOS

Can someone help me with this? I am at a lost on getting this VPN up.

Thanks,

Nelson

143
Views
0
Helpful
7
Replies
CreatePlease to create content