09-15-2003 09:37 AM - edited 02-21-2020 12:46 PM
Hello All
I have a PIX 515 that has been up and running for almost a year now with a VPN config on it. Up until about 3 weeks ago VPN worked, now I am unable to establish a connection. When I do a debug I get an error that says "ISAKMP (0): atts are not acceptable." Also, in the log files I see a message "305005: No translation group found for tcp src outside:65.114.42.221/1469 dst in". I have re-written the VPN config and access-lists and it still does not work. I will be upgrading to the latest IOS tonight. Does anyone have any thoughts?
Thanks
Anthony
09-15-2003 11:28 AM
Hi,
'atts are not acceptable' means that there is something wrong with the negotiated IKE parameters. Try some combination of the parameters below:
encryption algorithm: DES, 3DES, AES
hashing algorithm: SHA1, MD5
DH group: group 1,2,...
ISAKMP SA lifetime
Kind Regards,
Tom
09-15-2003 06:42 PM
Your ISAKMP policies don't match. You can create as many policies as you like. The lower the number, the higher the priority. Do you control both ends? If it was working and quit, something had to change. But nevertheless, if you create a policy that matches the remote end, it will work. Most likely changes are key or peer address. First tool: see if you can ping the peer address in the clear. If you can't, IPSEC will NEVER work.
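The policy comparison described in the two replies above, as an added example that is not part of the original posts: it parses PIX-style `isakmp policy` lines from both ends and reports which attributes stop each pair of policies from matching. The sample configs are constructed, the default values are assumptions for attributes a policy leaves unset, and lifetime is parsed but not compared because this example does not model how a device treats differing lifetimes.

```python
import re

# Constructed sample configs (not from the thread), PIX 6.x-style syntax.
LOCAL_CFG = """\
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""
REMOTE_CFG = """\
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 28800
"""

# Attributes this example requires to be identical on both ends.
MUST_MATCH = ("authentication", "encryption", "hash", "group")
# Assumed values for attributes a policy does not set explicitly.
DEFAULTS = {"authentication": "rsa-sig", "encryption": "des",
            "hash": "sha", "group": "1", "lifetime": "86400"}
LINE = re.compile(r"^\s*isakmp policy (\d+) (\w+) (\S+)\s*$")

def parse_policies(cfg):
    """Return {priority: {attribute: value}} from 'isakmp policy' lines."""
    policies = {}
    for line in cfg.splitlines():
        m = LINE.match(line)
        if m and m.group(2) in DEFAULTS:
            prio = int(m.group(1))
            policies.setdefault(prio, dict(DEFAULTS))[m.group(2)] = m.group(3)
    return policies

def compare(local_cfg, remote_cfg):
    """Try local policies lowest number first against every remote policy.

    Returns (match, report): match is (local_prio, remote_prio) or None;
    report lists (local_prio, remote_prio, differing attributes) per rejected pair.
    """
    local, remote = parse_policies(local_cfg), parse_policies(remote_cfg)
    report = []
    for lp in sorted(local):
        for rp in sorted(remote):
            diff = [a for a in MUST_MATCH if local[lp][a] != remote[rp][a]]
            if not diff:
                return (lp, rp), report
            report.append((lp, rp, diff))
    return None, report

if __name__ == "__main__":
    print(compare(LOCAL_CFG, REMOTE_CFG))
```
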
09-16-2003 03:48 AM
Everything is now working.
Strange thing though, NOTHING changed. Line for line the config was the same as I left it. What I did was to completely remove the VPN config. Last time I thought I removed the VPN config I had still left 1 or 2 lines in; this time I made sure it was all clear. Copied and pasted the exact same config back in and it worked.