Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Router to concentrator VPN - Encryption/Authentication

Hello to all. I have an 827H running 12.2(8)YJ1 trying to establish a tunnel to a 3015 concentrator. I'm having trouble getting the tunnel up and am a little confused as to the encryption settings. I am told I have to use the following:

Hash Algo ESP/MD5/HMAC-128

Encryption IKE-3DES-MD5

Authentication ESP/MD5/HMAC-128

Diffie_Hellman Group - Group 2 (1024-bits)

and there is also a pre shared key.

However when I try to enter the "crypto ipsec transform-set <name> " command, I don't get these authentication/encryption types as options, the closest is "esp-3des esp-md5-hmac" and of course this doesn't work. Am I missing something? Is the router capable? Please find attached the relevant section of the config below.

Thanks

Dean

crypto isakmp policy 1

hash md5

authentication pre-share

group 2

crypto isakmp key xxxxxx address xx.xx.xx.xx

!

!

crypto ipsec transform-set xxxxx esp-3des esp-md5-hmac

!

crypto map xxxxx 10 ipsec-isakmp

set peer xx.xx.xx.xx

set transform-set xxxxxx

match address 115

1 REPLY
Silver

Re: Router to concentrator VPN - Encryption/Authentication

I am not sure if Group2 Diffe Helman works with the said combination.

Just try Group 1.

224
Views
0
Helpful
1
Replies
CreatePlease login to create content