11-18-2003 06:51 AM - edited 02-21-2020 12:52 PM
Hi,
has some one configured an cisco 2610
with IOS (tm) C2600 Software (C2600-IK2S-M), Version 12.0(7)T,
RELEASE SOFTWARE (fc2)
to connect to an AVM Access Server Ver. 1.0.0.31 over VPN ?
I've some problems to do.
The VPN is established but no traffic comes back to the avm-access-server
the debug/config output on the cisco is:
16w4d: ISAKMP: transform 1, ESP_DES
16w4d: ISAKMP: attributes in transform:
16w4d: ISAKMP: authenticator is HMAC-SHA
16w4d: ISAKMP: group is 2
16w4d: ISAKMP: SA life type in seconds
16w4d: ISAKMP: SA life duration (basic) of 3600
16w4d: ISAKMP: encaps is 1
16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,
hmac_alg 2) not supported
16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0
16w4d: ISAKMP (0:8): Checking IPSec proposal 13
16w4d: ISAKMP: transform 1, ESP_3DES
16w4d: ISAKMP: attributes in transform:
16w4d: ISAKMP: authenticator is HMAC-MD5
16w4d: ISAKMP: group is 2
16w4d: ISAKMP: SA life type in seconds
16w4d: ISAKMP: SA life duration (basic) of 3600
16w4d: ISAKMP: encaps is 1
16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 3,
hmac_alg 1) not supported
16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0
16w4d: ISAKMP (0:8): skipping next ANDed proposal (13)
16w4d: ISAKMP (0:8): Checking IPSec proposal 14
16w4d: ISAKMP: transform 1, ESP_3DES
16w4d: ISAKMP: attributes in transform:
16w4d: ISAKMP: authenticator is HMAC-MD5
16w4d: ISAKMP: group is 2
16w4d: ISAKMP: SA life type in seconds
16w4d: ISAKMP: SA life duration (basic) of 3600
16w4d: ISAKMP: encaps is 1
16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 3,
hmac_alg 1) not supported
16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0
16w4d: ISAKMP (0:8): Checking IPSec proposal 15
16w4d: ISAKMP: transform 1, ESP_DES
16w4d: ISAKMP: attributes in transform:
16w4d: ISAKMP: authenticator is HMAC-MD5
16w4d: ISAKMP: group is 2
16w4d: ISAKMP: SA life type in seconds
16w4d: ISAKMP: SA life duration (basic) of 3600
16w4d: ISAKMP: encaps is 1
16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,
hmac_alg 1) not supported
16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0
16w4d: ISAKMP (0:8): skipping next ANDed proposal (15)
16w4d: ISAKMP (0:8): Checking IPSec proposal 16
16w4d: ISAKMP: transform 1, ESP_DES
16w4d: ISAKMP: attributes in transform:
16w4d: ISAKMP: authenticator is HMAC-MD5
16w4d: ISAKMP: group is 2
16w4d: ISAKMP: SA life type in seconds
16w4d: ISAKMP: SA life duration (basic) of 3600
16w4d: ISAKMP: encaps is 1
16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,
hmac_alg 1) not supported
16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0
16w4d: ISAKMP (0:8): SA not acceptable!
16w4d: ISAKMP (0:8): deleting SA
and so on.
the config is:
ip route ddd.ddd.ddd.ddd 255.255.254.0 Ethernet0/0
crypto isakmp policy 130
authentication pre-share
group 2
lifetime 3600
crypto isakmp key cisco123 address xxx.xxx.xxx.xxx
crypto isakmp key 321cisco address 0.0.0.0
!
!
crypto ipsec transform-set VPN ah-md5-hmac esp-des esp-md5-hmac
crypto ipsec transform-set VPN2 ah-sha-hmac esp-3des esp-sha-hmac
!
crypto dynamic-map VPN 100
set transform-set VPN
match address 110
!
crypto map VPN 100 ipsec-isakmp dynamic VPN discover
crypto map VPN2 local-address Ethernet0/0
crypto map VPN2 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set VPN2
match address 130
Interface Eth0/0
crypto map VPN2
interface Serial0/0:0
crypto map VPN
access-list 110 permit ip bbb.bbb.bbb.bbb 0.0.255.255 aaa.aaa.aaa.aaa
0.0.0.15
access-list 130 permit ip host ccc.ccc.ccc.ccc ddd.ddd.ddd.ddd
0.0.1.255
please help ...
- Carsten
11-24-2003 05:43 AM
Can you try changing the groupp?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide