Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN tunnel debug out put

Hi,

We are facing some problem with VPN tunnel from router to router.

We are forming tunnel from R1 to R2 on loopback address. It was working ok and suddenly it is showing status as down.

I am attaching debug cry ipsec output here in text mode.

Here we suspect :

Feb 26 11:02:40.779: ISAKMP:(0:0:N/A:0):Encryption algorithm offered does not match policy!

Coincidently it was working and suddenly gone down.

Thanks and advance

Subodh

3 REPLIES
Cisco Employee

Re: VPN tunnel debug out put

Hi,

The Phase 1 attributes are matching, so thats not an issue. It seems to be an issue with the pre-shared key.

Try resetting pre-shared key on both the ends.

Hope this helps.

-Kanishka

Cisco Employee

Re: VPN tunnel debug out put

Hi,

As per the debugs, it seems that you are using certs for the authentication which is failing and a possible reason is the cert on one end has expired. Please check the validity of the cert.

HTH,

Please rate if it helps,

Regards,

Kamal

New Member

Re: VPN tunnel debug out put

I think the phase 1 policies are not configured on the router whose debugs are attached, do you really wanna do isakmp authentication with certificates or you have pre-shared key configured? please configure the phase 1 policy matching teh remote peer.

what re the debugs on the remote peer, is it possible for you paste the config on both the sides??

286
Views
0
Helpful
3
Replies
CreatePlease login to create content