
Tunnel Issues

eperezrdz
Level 1

Here's a brief description: we have 2 routers that were working for at least 2 years. Suddenly, a couple of days ago, we got this message and the tunnel didn't pass any traffic.

%CRYPTO-6-IKMP_CRYPT_FAILURE: IKE (connection id 268435457) unable to decrypt (w/RSA private key) packet

We removed the crypto map and everything is working now. The only config change, made because of a company requirement, was one line: one of the routers used to have no ip domain lookup and the change was setting it to ip domain lookup. Nothing else was done. Any ideas what caused the failure?

2 Replies

f.aoun
Level 1

Check if isakmp identity is hostname, not address.

Thanks for the reply! This is before:

no ip domain-lookup
ip domain-name xxxxxxxxx.com
!
crypto isakmp policy 10
 encr 3des
 authentication rsa-encr
 group 2
!
!
crypto ipsec transform-set xxxx-trans ah-sha-hmac esp-3des
crypto ipsec df-bit clear
!
crypto map xxxxxxx 10 ipsec-isakmp
 set peer 1x.xxx.xx.x
 set security-association level per-host
 set transform-set xxxx-trans
 match address xxxxxxxxxx
!
!
crypto key pubkey-chain rsa
 addressed-key xx.xxx.xxx.xxx encryption
  address 1x.xxx.xx.x

This is after:

ip domain-name xxxxx.com
!
crypto isakmp policy 10
 encr 3des
 authentication rsa-encr
 group 2
!
!
crypto ipsec transform-set xxxx-trans ah-sha-hmac esp-3des
crypto ipsec df-bit clear
!
crypto map xxxxxx 10 ipsec-isakmp
 set peer xx.xxx.xx.x
 set security-association level per-host
 set transform-set xxxxx-trans
 match address xxxxx
!
!
crypto key pubkey-chain rsa
 addressed-key xx.xxx.xxx.xx encryption
  address xx.xxx.x.x
  key-string

Any more thoughts? How do I check what you suggested?
