Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

IOS IPSEC C2L

Hi,

can NOT connect with Cisco IPSEC client

Jun 11 17:20:53.609: ISAKMP:(0): phase 1 SA policy not acceptable! (local 1.2.3.4 remote 93.101.0.245)

Please can you check the attached configuration and tell me the error ?

Thanks

2 REPLIES

Re: IOS IPSEC C2L

Your proposals look good to me, have a look at supported proposals here:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/administration/guide/vcAch8.html#wp1157757

Perhaps if you could provide more detailed debug output it would help. What IOS version are you running btw? And which VPN client version?

Regards

Farrukh

Community Member

Re: IOS IPSEC C2L

Thanks for the reply.

As you can see on the previous configuration on the router there're:

- a dynamic L2L VPN IPSEC from "dynamic IP addresses": ALL IS OK

- a dynamic CL2 VPN IPSEC from cisco vpn client: NOT WORKING

I use:

- the latest version of the cisco vpn client on windows.

- on router the IOS version is C2801-advipservicesk9-mz.124-15.T5.bin

When I try to connect with the remote peer IP 1.2.3.4 with the following auth on the cisco client:

group name: 3000client

password: ciscoC2L

the router tell me the following error: "phase 1 SA policy not acceptable! ?!?!?"

Attached the debug on the router.

108
Views
0
Helpful
2
Replies
CreatePlease to create content