Re: hash not match pix to pix vpn

cfajardo1_2 · ‎03-21-2006

below is the capture of my debug;

ISAKMP (0:0): NAT does not match MINE hash

hash received: 2b b7 2 b3 5f 56 20 e0 e0 ef 65 e0 73 c 7f 66

my nat hash : ce d8 d0 e8 38 5d a9 d9 d8 67 bb ea 57 67 a1 d1

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match HIS hash

hash received: 85 3a 1 ff 6b a 59 8b 22 40 f5 a4 96 4b ef 3b

his nat hash : da 5a 92 3e 99 e3 9 7d 73 68 f3 c5 2f d0 ae df

PLEASE HELP ME RECTIFY THIS PROBLEM

jmia · ‎03-21-2006

Make sure that all the ipsec attributes are correct on both end devices, is this a L2L vpn using pix or something else?

Check the isakmp policy hash match correctly for both ends i.e.

isakmp policy hash md5

Jay

cfajardo1_2 · ‎03-21-2006

the hash is exactly the same on both side...i just dont know if the enabling of ssh on the other end pix affects this problem...(enabling ssh, i have invoked coomand CA GENERATE RSA 1024)..

THX

cfajardo1_2 · ‎03-21-2006

the hash is exactly the same on both side...i just dont know if the enabling of ssh on the other end pix affects this problem...(enabling ssh, i have invoked coomand CA GENERATE RSA 1024)..

THX

cfajardo1_2 · ‎03-21-2006

the hash is exactly the same on both side...i just dont know if the enabling of ssh on the other end pix affects this problem...(enabling ssh, i have invoked coomand CA GENERATE RSA 1024)..

THX

cfajardo1_2 · ‎03-21-2006

i just zeroize the rsa by using CA ZEROIZE RSA, and tried VPN again. the problem is still there.

jmia · ‎03-21-2006

Can you possibly post both configs from your pix here (please take out any sensitive info).

Thanks / Jay

cfajardo1_2 · ‎03-21-2006

sorry but as ive said ive just zeroize the rsa on the other end thereby not able to do the ssh.

so instead iam attaching here the whole debug where i higlighted some lines.

i could only send you the config later.

thanks for helping.