Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

l2l vpn between cisco pix and vpn concentrator 3030

l2l completes phase 1 but cannot seem to complete phase 2. A portion of the debug from the Pix is attached. Anyone got any ideas?

3 REPLIES
Gold

Re: l2l vpn between cisco pix and vpn concentrator 3030

possible transform set mismatch on phase 2.

in the pix, this will be the command's related to something like:

crypto map VPN 20 set transform-set 3desSHA

in the concentrator, it will be found on the main config page for a L2L setup under:

Encryption and Authentication (not the IKE Proposal setting)

or, in the concentrator

configuration--> policy mgmt -->traffic mgmt - SA's--> find the IPSEC SA for this connection and modify

New Member

Re: l2l vpn between cisco pix and vpn concentrator 3030

I am thinking that as well. I have verified a couple of times the config on the concentrator, however, I only have part of what the other Pix has and something is bugging me. He setup his transform-set as IPSEC-3DES-MD5, instead of what I am used to seeing ESP-3DES-MD5. Personally never heard of IPSEC-3DES-MD5, however, I am no expert, just someone with some experience. What's your take on this?

New Member

Re: l2l vpn between cisco pix and vpn concentrator 3030

Never mind my last post, it's just the name he gave his transform set. I took a look at his parameters again and he has used esp-3des esp-md5-hmac. Still trying to find the Phase 2 mismatch.

214
Views
0
Helpful
3
Replies