02-01-2008 06:17 AM - edited 03-09-2019 08:01 PM
Here's a brief description: we have 2 routers that were working for at least 2 years. Suddenly, a couple of days ago, we got this message and the tunnel didn't pass any traffic.
%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 268435457) unable to decrypt (w/RSA private key) packet
We removed the crypto map and everything is working now. The only config change, because of a company requirement, was one line: one of the routers used to have no ip domain lookup and the change was setting it to ip domain lookup. Nothing else was done. Any ideas what caused the failure?
02-01-2008 06:46 AM
Check if the isakmp identity is hostname, not address.
02-01-2008 06:56 AM
Thanks for the reply! This is before:
no ip domain-lookup
ip domain-name xxxxxxxxx.com
!
crypto isakmp policy 10
encr 3des
authentication rsa-encr
group 2
!
!
crypto ipsec transform-set xxxx-trans ah-sha-hmac esp-3des
crypto ipsec df-bit clear
!
crypto map xxxxxxx 10 ipsec-isakmp
set peer 1x.xxx.xx.x
set security-association level per-host
set transform-set xxxx-trans
match address xxxxxxxxxx
!
!
crypto key pubkey-chain rsa
addressed-key xx.xxx.xxx.xxx encryption
address 1x.xxx.xx.x
This is after:
ip domain-name xxxxx.com
!
crypto isakmp policy 10
encr 3des
authentication rsa-encr
group 2
!
!
crypto ipsec transform-set xxxx-trans ah-sha-hmac esp-3des
crypto ipsec df-bit clear
!
crypto map xxxxxx 10 ipsec-isakmp
set peer xx.xxx.xx.x
set security-association level per-host
set transform-set xxxxx-trans
match address xxxxx
!
!
crypto key pubkey-chain rsa
addressed-key xx.xxx.xxx.xx encryption
address xx.xxx.x.x
key-string
Any more thoughts? How do I check what you suggested?
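One way to run the check suggested in the reply above, as an added example that is not part of the original thread: a small Python audit that reads both routers' configs as text and reports whether each side holds a public-key entry of the kind the other side's ISAKMP identity calls for (`addressed-key` for an address identity, `named-key` with the peer's FQDN for a hostname identity). The router names, domain and addresses are constructed sample values.

```python
import re

# Constructed sample configs (documentation addresses, hypothetical names).
ROUTER_A = """\
hostname rtr-a
ip domain-name example.com
crypto isakmp identity hostname
crypto key pubkey-chain rsa
 addressed-key 192.0.2.2 encryption
  address 192.0.2.2
"""
ROUTER_B = """\
hostname rtr-b
ip domain-name example.com
crypto key pubkey-chain rsa
 addressed-key 192.0.2.1 encryption
  address 192.0.2.1
"""

def identity_mode(cfg):
    """ISAKMP identity type; IOS uses 'address' when no identity line is set."""
    m = re.search(r"^\s*crypto isakmp identity (\S+)", cfg, re.M)
    return m.group(1) if m else "address"

def key_entries(cfg):
    """(kind, name) pairs from the pubkey chain: addressed-key / named-key."""
    return re.findall(r"^\s*(addressed|named)-key (\S+)", cfg, re.M)

def fqdn(cfg):
    """hostname + ip domain-name, the name a hostname identity presents."""
    host = re.search(r"^\s*hostname (\S+)", cfg, re.M)
    dom = re.search(r"^\s*ip domain[- ]name (\S+)", cfg, re.M)
    return f"{host.group(1)}.{dom.group(1)}" if host and dom else None

def check_direction(sender_cfg, receiver_cfg):
    """Finding text if the receiver lacks the key entry the sender's identity needs."""
    mode = identity_mode(sender_cfg)
    entries = key_entries(receiver_cfg)
    if mode == "hostname":
        name = fqdn(sender_cfg)
        if ("named", name) not in entries:
            return f"peer identity is hostname {name}, but no matching named-key"
    elif mode == "address" and not any(k == "addressed" for k, _ in entries):
        return "peer identity is address, but no addressed-key entry"
    return None  # consistent, or an identity type this check does not cover

if __name__ == "__main__":
    print("A -> B:", check_direction(ROUTER_A, ROUTER_B) or "ok")
    print("B -> A:", check_direction(ROUTER_B, ROUTER_A) or "ok")
```

On a live router the same inputs come from `show running-config`; the script only compares identity type against key-entry type and does not validate the key material itself.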