Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
4
Replies

PIX (6.2.2) to VPN Client 3.6.1

7g.abate
Level 1
Level 1

‎02-10-2003 08:10 AM - edited ‎02-21-2020 12:20 PM

Hi all,

I have a big problem about a very simple configuration:

a VPN between a client Cisco and a Firewall Cisco.

The crypto ipsec isa command dispaly the following output:

ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy

ISAKMP: encryption... What? 7?

ISAKMP: hash SHA

ISAKMP: default group 2

ISAKMP: extended auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b

ISAKMP: attribute 3584

ISAKMP (0): atts are not acceptable. Next payload is 3

ISAKMP (0): Checking ISAKMP transform 2 against priority 1 policy

ISAKMP: encryption... What? 7?

ISAKMP: hash MD5

ISAKMP: default group 2

ISAKMP: extended auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b

ISAKMP: attribute 3584

ISAKMP (0): atts are not acceptable. Next payload is 3

ISAKMP (0): Checking ISAKMP transform 3 against priority 1 policy

ISAKMP: encryption... What? 7?

ISAKMP: hash SHA

ISAKMP: default group 2

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b

ISAKMP: attribute 3584

ISAKMP (0): atts are not acceptable. Next payload is 3

ISAKMP (0): Checking ISAKMP transform 4 against priority 1 policy

ISAKMP: encryption... What? 7?

ISAKMP: hash MD5

ISAKMP: default group 2

ISAKMP: auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b

ISAKMP: attribute 3584

ISAKMP (0): atts are not acceptable. Next payload is 3

ISAKMP (0): Checking ISAKMP transform 5 against priority 1 policy

ISAKMP: encryption... What? 7?

ISAKMP: hash SHA

ISAKMP: default group 2

ISAKMP: extended auth pre-share

ISAKMP: life type in seconds

ISAKMP: life duration (VPI) of 0x0 0x20 0xc4 0x9b

ISAKMP: attribute 3584

ISAKMP (0): atts are not acceptable. Next payload is 3

ISAKMP (0): Checking ISAKMP transform 6 against priority 1 policy

ISAKMP: encryption... What? 7?

ISAKMP: hash MD5

ISAKMP: default group 2

ISAKMP: extended auth pre-share

And from the client side it seems that there are any respons from the remote peer

Please let me know as soon as possible

Bye

Labels:
0 Helpful
4 Replies 4

pdentico
Level 1
Level 1

‎02-10-2003 10:17 AM

On the Pix are you DES or 3DES?

I think if you are DES you have to use "hash md5" in your isakmp policy. If that doesn't work try an older client version such as the latest 3.5x.

Or get the 3DES key:)

0 Helpful

achapochnikov
Level 1
Level 1

‎02-10-2003 01:52 PM

Hello!

If you are using DES make sure that you have following commands in your config:

isakmp policy priority 1 authentication-preshare

isakmp policy priority 1 encryption des

isakmp policy priority 1 hash md5

isakmp policy priority 1 group2

isakmp policy priority 1 lifetime 86400

also in your ipsec config you should have:

crypto ipsec transform-set your set esp-des esp-md5-hmac

just use name of your set

it should work

good luck

Anton

0 Helpful

ajagadee
Cisco Employee
Cisco Employee

‎02-11-2003 12:50 PM

Hi,

VPN Client 3.6 does support for DES/SHA is no longer available. Pls refer the below URL for the same:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/3_6/361_clnt.htm#xtocid18

Regards.

Arul

0 Helpful

7g.abate
Level 1
Level 1
In response to ajagadee

‎02-12-2003 12:53 AM

Thanks all,

All seems to work correctly with this configuration:

- the encryption and verification: DES/MD5

- Client version 3.5.4

I am going to try with the newer client version

Bye GV

0 Helpful
Customers Also Viewed These Support Documents