VPN Cisco 2610 -> avm access-server

epag · ‎11-18-2003

Hi,

has some one configured an cisco 2610

with IOS (tm) C2600 Software (C2600-IK2S-M), Version 12.0(7)T,

RELEASE SOFTWARE (fc2)

to connect to an AVM Access Server Ver. 1.0.0.31 over VPN ?

I've some problems to do.

The VPN is established but no traffic comes back to the avm-access-server

the debug/config output on the cisco is:

16w4d: ISAKMP: transform 1, ESP_DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-SHA

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,

hmac_alg 2) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): Checking IPSec proposal 13

16w4d: ISAKMP: transform 1, ESP_3DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 3,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): skipping next ANDed proposal (13)

16w4d: ISAKMP (0:8): Checking IPSec proposal 14

16w4d: ISAKMP: transform 1, ESP_3DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 3,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): Checking IPSec proposal 15

16w4d: ISAKMP: transform 1, ESP_DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): skipping next ANDed proposal (15)

16w4d: ISAKMP (0:8): Checking IPSec proposal 16

16w4d: ISAKMP: transform 1, ESP_DES

16w4d: ISAKMP: attributes in transform:

16w4d: ISAKMP: authenticator is HMAC-MD5

16w4d: ISAKMP: group is 2

16w4d: ISAKMP: SA life type in seconds

16w4d: ISAKMP: SA life duration (basic) of 3600

16w4d: ISAKMP: encaps is 1

16w4d: IPSEC(validate_proposal): transform proposal (prot 3, trans 2,

hmac_alg 1) not supported

16w4d: ISAKMP (0:8): atts not acceptable. Next payload is 0

16w4d: ISAKMP (0:8): SA not acceptable!

16w4d: ISAKMP (0:8): deleting SA

and so on.

the config is:

ip route ddd.ddd.ddd.ddd 255.255.254.0 Ethernet0/0

crypto isakmp policy 130

authentication pre-share

group 2

lifetime 3600

crypto isakmp key cisco123 address xxx.xxx.xxx.xxx

crypto isakmp key 321cisco address 0.0.0.0

!

crypto ipsec transform-set VPN ah-md5-hmac esp-des esp-md5-hmac

crypto ipsec transform-set VPN2 ah-sha-hmac esp-3des esp-sha-hmac

!

crypto dynamic-map VPN 100

set transform-set VPN

match address 110

!

crypto map VPN 100 ipsec-isakmp dynamic VPN discover

crypto map VPN2 local-address Ethernet0/0

crypto map VPN2 10 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set VPN2

match address 130

Interface Eth0/0

crypto map VPN2

interface Serial0/0:0

crypto map VPN

access-list 110 permit ip bbb.bbb.bbb.bbb 0.0.255.255 aaa.aaa.aaa.aaa

0.0.0.15

access-list 130 permit ip host ccc.ccc.ccc.ccc ddd.ddd.ddd.ddd

0.0.1.255

please help ...

- Carsten

benhur.p · ‎11-24-2003

Can you try changing the groupp?