Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

PIX to IOS router tunnel

Hello, Can anyone help with this debug output?

Phase 1 goes through fine.

TIA

Shervan

001785: *Jun 28 23:27:37.954 GMT: IPSEC(validate_transform_proposal): transform

proposal not supported for identity:

{esp-3des esp-md5-hmac }

001786: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1): IPSec policy invalidated pr

oposal

001787: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1): phase 2 SA policy not accep

table! (local 192.168.1.2 remote 213.235.4.53)

001788: *Jun 28 23:27:37.958 GMT: ISAKMP: set new node 305550865 to QM_IDLE

001789: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1):Sending NOTIFY PROPOSAL_NOT_

CHOSEN protocol 3

spi 1143421584, message ID = 305550865

001790: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1): sending packet to 213.235.4

.53 my_port 4500 peer_port 4500 (R) QM_IDLE

001791: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1):purging node 305550865

001792: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1):deleting node -200521196 err

or TRUE reason "QM rejected"

001793: *Jun 28 23:27:37.958 GMT: ISAKMP (0:134217730): Unknown Input IKE_MESG_F

ROM_PEER, IKE_QM_EXCH: for node -200521196: state = IKE_QM_READY

001794: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1):Node -200521196, Input = IKE

_MESG_FROM_PEER, IKE_QM_EXCH

001795: *Jun 28 23:27:37.958 GMT: ISAKMP:(0:2:SW:1):Old State = IKE_QM_READY Ne

w State = IKE_QM_READY

001796: *Jun 28 23:27:37.958 GMT: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Qui

ck mode failed with peer at 213.235.4.53

1 REPLY
Gold

Re: PIX to IOS router tunnel

It looks that peer doesnt accept IPSEC transform set - check if transform sets (esp-3des esp-md5-hmac) are same on both peers

M.

116
Views
0
Helpful
1
Replies
CreatePlease to create content