Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX with Draytek 2900

HI all,

I'm trying to get a Draytek Vigor 2900 to talk through ipsec vpn to a PIX 515E running OS7.0.4. The pix has a fixed IP-Address and the Vigor has a DSL-Line connected providing changing addresses. The PIX-Log tells me "All IPSec SA proposals found unacceptable!" after the connection to the dynamic map and the default L2L-Group.

Can anybody give me a hint what to do?

Every help is welcome.

Thanks in advance

Regards

Alexander Ott

2 REPLIES
Silver

Re: PIX with Draytek 2900

The issue may be due to

IKE: Failing on Phase 1 negotiation

Group [3002group]

authentication required but selected Proposal does not support authentication,

Check priorities of IKE xauth proposals in IKE proposal list.

New Member

Re: PIX with Draytek 2900

Hi,

thanks for your answer.

Finally we got another hint which solved the problem. Actually the proposals were wrong. The Draytek was set to "no pfs" which was not abbreviated in the Draytec's html-page. So we set the pix to "no pfs" and finally it worked.

Thanks

Alex

394
Views
0
Helpful
2
Replies
CreatePlease to create content