Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Silver

Nortel to IOS VPN

I'm trying to set up an IOS router VPN to a Nortel Contivity box.

My crypto settings are:

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp key cisco address x.x.x.x

!

!

crypto ipsec transform-set TRANS esp-3des esp-md5-hmac

!

crypto map MAP 10 ipsec-isakmp

set peer x.x.x.x

set transform-set TRANS

match address CRYPTO-ACL

The contivity is set for ESP 3DES with MD5 integrity, and the IKE settings are 3des with group 2. I dont have Nortel experience or access.

The debugs indicate that MM exchange starts, the pre-shared key is found but then a message indicates `Notify has no hash. Rejected'

I also see %CRYPTO-6-IKMP_MODE_FAILURE: pasting this into the error message decoder points mt to a document that discusses X509 certificates, no use at all as far as I can see.

Is there anyting else needs setting up on the Nortel box?

3 REPLIES

Re: Nortel to IOS VPN

Hi

under your IKE policy can u configure hash md5 and check ??

crypto isakmp policy 10

hash md5

regds

Silver

Re: Nortel to IOS VPN

Thanks,

tried that, no difference. From the debug I see that the negotiation reaches QM_IDLE, then receives a P1 delete message from the remote end.

Silver

Re: Nortel to IOS VPN

Can you try with Group 1 instead of Grp 2. I remember having seen this error when there was DH Group Mismatch. Another thing can you change on the Peer at remote end ? If not you could force the peer at your end.

HTH

264
Views
0
Helpful
3
Replies