Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

VPN not comming up

my vpn not comming up i have checked the plicies which is ok. my one end is cisco 611 and other is Netscreen.

i am getting the following error:

%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 203.x.x.244

This indicate that there is a phase 2 mismatch .but i have checehed the pame at both end.

my configuration which is same at both end.

My vpn is not comming up

Plz suggest me a solution

My config is as follows:

crypto isakmp policy 25

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key TataMotorsIndia address 203.x.x.244

!

!

crypto ipsec transform-set mymap ah-md5-hmac esp-3des

!

!

crypto map tunnelmap 10 ipsec-isakmp

set peer 203.196.206.244

set transform-set mymap

match address 101

interface FastEthernet0/1

ip address 123.x.x.98 255.255.255.0

ip virtual-reassembly

duplex auto

speed auto

crypto map tunnelmap

access-list 101 permit ip host 192.168.7.64 128.9.0.0 0.0.255.255

1 REPLY

Re: VPN not comming up

Hi,

The problem is with the transform set.

no crypto ipsec transform-set mymap ah-md5-hmac esp-3des

crypto ipsec transform-set mymap esp-3des esp-md5-hmac

This will use only ESP for VPN, and the Phase 2 parameters are: 3DES, MD5

Please rate if this helped.

Regards,

Daniel

129
Views
0
Helpful
1
Replies
CreatePlease to create content