Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Cisco 2610 -> avm access-server

Hi,

has some one configured an cisco 2610

with IOS (tm) C2600 Software (C2600-IK2S-M), Version 12.0(7)T,

RELEASE SOFTWARE (fc2)

to connect to an AVM Access Server Ver. 1.0.0.31 over VPN ?

I've some problems to do.

The VPN is established but no traffic comes back to the avm-access-server

the debug/config output on the cisco is:

16w4d: ISAKMP: transform 1, ESP_DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-SHA

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,

hmac_alg 2) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): Checking IPSec proposal 13

16w4d: ISAKMP: transform 1, ESP_3DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 3,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): skipping next ANDed proposal (13)

16w4d: ISAKMP (0:8): Checking IPSec proposal 14

16w4d: ISAKMP: transform 1, ESP_3DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 3,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): Checking IPSec proposal 15

16w4d: ISAKMP: transform 1, ESP_DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): skipping next ANDed proposal (15)

16w4d: ISAKMP (0:8): Checking IPSec proposal 16

16w4d: ISAKMP: transform 1, ESP_DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): SA not acceptable!

16w4d: ISAKMP (0:8): deleting SA

and so on.

the config is:

ip route ddd.ddd.ddd.ddd 255.255.254.0 Ethernet0/0

crypto isakmp policy 130

authentication pre-share

group 2

lifetime 3600

crypto isakmp key cisco123 address xxx.xxx.xxx.xxx

crypto isakmp key 321cisco address 0.0.0.0

!

!

crypto ipsec transform-set VPN ah-md5-hmac esp-des esp-md5-hmac

crypto ipsec transform-set VPN2 ah-sha-hmac esp-3des esp-sha-hmac

!

crypto dynamic-map VPN 100

set transform-set VPN

match address 110

!

crypto map VPN 100 ipsec-isakmp dynamic VPN discover

crypto map VPN2 local-address Ethernet0/0

crypto map VPN2 10 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set VPN2

match address 130

Interface Eth0/0

crypto map VPN2

interface Serial0/0:0

crypto map VPN

access-list 110 permit ip bbb.bbb.bbb.bbb 0.0.255.255 aaa.aaa.aaa.aaa

0.0.0.15

access-list 130 permit ip host ccc.ccc.ccc.ccc ddd.ddd.ddd.ddd

0.0.1.255

please help ...

- Carsten

1 REPLY
New Member

Re: VPN Cisco 2610 -> avm access-server

Can you try changing the groupp?

137
Views
0
Helpful
1
Replies