Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1392
Views
0
Helpful
1
Replies

Router to concentrator VPN - Encryption/Authentication

ddnicholls
Level 1
Level 1

‎07-07-2003 09:55 PM - edited ‎02-21-2020 10:07 AM

Hello to all. I have an 827H running 12.2(8)YJ1 trying to establish a tunnel to a 3015 concentrator. I'm having trouble getting the tunnel up and am a little confused as to the encryption settings. I am told I have to use the following:

Hash Algo ESP/MD5/HMAC-128

Encryption IKE-3DES-MD5

Authentication ESP/MD5/HMAC-128

Diffie_Hellman Group - Group 2 (1024-bits)

and there is also a pre shared key.

However when I try to enter the "crypto ipsec transform-set <name> " command, I don't get these authentication/encryption types as options, the closest is "esp-3des esp-md5-hmac" and of course this doesn't work. Am I missing something? Is the router capable? Please find attached the relevant section of the config below.

Thanks

Dean

crypto isakmp policy 1

hash md5

authentication pre-share

group 2

crypto isakmp key xxxxxx address xx.xx.xx.xx

!

!

crypto ipsec transform-set xxxxx esp-3des esp-md5-hmac

!

crypto map xxxxx 10 ipsec-isakmp

set peer xx.xx.xx.xx

set transform-set xxxxxx

match address 115

Labels:
0 Helpful
1 Reply 1

umedryk
Level 5
Level 5

‎07-14-2003 06:56 AM

I am not sure if Group2 Diffe Helman works with the said combination.

Just try Group 1.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents