Re: VPN not establishing a connection.

apriore685 · ‎09-15-2003

Hello All

I have a pix 515 that has been up and running for almost a year now with a VPN config on it. Up until about 3 weeks ao VPN worked, now I am unable to establish a connection. When I doa debug I get an error that says "ISAKMP (0): atts are not acceptable." also in the log files I see a message "305005: No translation group found for tcp src outside:65.114.42.221/1469 dst in". I have re-written the VPN config and access-lists and still does not work. I will be upgrading to the latest IOs tonight. Does anyone have any thoughts?

Thanks

Anthony

tvanginneken · ‎09-15-2003

Hi,

'atts are not acceptable' meas that there is something wrong with the negotiated IKE parameters. Try some combination of the parameters below:

encryption algorithm: DES, 3DES, AES

hashing algorithm: SHA1, MD5

DH group: group 1,2,...

ISAKMP SA lifetime

Kind Regards,

Tom

bhillman · ‎09-15-2003

Your Isakmp policies don't match. You can create as many policies as you like. The lower the number, the higher the priority. Do you control both ends? IF it was working and quit, something had to change. But nevertheless if you create a policy that matches the remote end, it will work. Most likely changes are key or peer address. First tool, see if you can ping the peer address in the clear, if you can't IPSEC will NEVER work.

apriore685 · ‎09-16-2003

Everything is now working.

Stange thing though, NOTHING changed. Line for line the config was the same as I left it. What I did was to completely remove the VPN config. Last time I though I re-moved the VPN config I had still left 1 or 2 lines in, this time I made sure it was all clear. Copied and pasted the exact same config back in and it worked.