Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
2
Replies

PIX with Draytek 2900

alexander.ott
Level 1
Level 1

‎11-07-2005 07:08 AM - edited ‎02-21-2020 12:30 AM

HI all,

I'm trying to get a Draytek Vigor 2900 to talk through ipsec vpn to a PIX 515E running OS7.0.4. The pix has a fixed IP-Address and the Vigor has a DSL-Line connected providing changing addresses. The PIX-Log tells me "All IPSec SA proposals found unacceptable!" after the connection to the dynamic map and the default L2L-Group.

Can anybody give me a hint what to do?

Every help is welcome.

Thanks in advance

Regards

Alexander Ott

0 Helpful
2 Replies 2

b.hsu
Level 5
Level 5

‎11-11-2005 07:07 AM

The issue may be due to

IKE: Failing on Phase 1 negotiation

Group [3002group]

authentication required but selected Proposal does not support authentication,

Check priorities of IKE xauth proposals in IKE proposal list.

0 Helpful

alexander.ott
Level 1
Level 1
In response to b.hsu

‎11-13-2005 11:49 PM

Hi,

thanks for your answer.

Finally we got another hint which solved the problem. Actually the proposals were wrong. The Draytek was set to "no pfs" which was not abbreviated in the Draytec's html-page. So we set the pix to "no pfs" and finally it worked.

Thanks

Alex

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card