Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN between RV042 and Cisco 2801

HI

Kindly help me out. I'm configuring a p2p vpn between a cisco 2801 with IOS 12.3 and a linksys RV042. I'm getting following error on Linksys and Cisco respectively.



[Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet

Dec 19 02:40:42 2011     VPN Log    Received informational payload, type NO_PROPOSAL_CHOSEN

dst             src             state               conn-id     slot    status

x.x.x.x       x.x.x.x   MM_NO_STATE          0        0       ACTIVE

Below are my config:

Linksys RV042:

Keying Mode: IKE with Preshared Key

Phase1 DH Group: Group2

Phase1 Encryption: 3DES

Phase1 Authentication: MD5

Phase1 SA Life Time: 28800

Perfect forward secrecy : enabled

Phase2 DH Group: Group2

Phase2 Encryption: 3DES

Phase2 Authentication: MD5

Phase2 SA Life Time: 28800

Preshared Key: xxxxxx

Cisco 2801:

crypto isakmp policy 11

encr 3des

authentication pre-share

group 2

lifetime 28800

crypto isakmp key xxxxxx address xxxxxx

no crypto isakmp ccm

crypto ipsec transform-set STRONGER esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

set peer xxxxxx

set transform-set STRONGER

set pfs group2

match address 103

interface FastEthernet0/0

ip address 10.0.0.56 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

ip address xxxx xxxx

ip nat outside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

crypto map myvpn

ip nat pool branch xxxxxx xxxxx netmask 255.255.255.240

ip nat inside source route-map nonat pool branch overload

!

access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 110 deny   ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 110 permit ip 10.0.0.0 0.0.0.255 any

snmp-server community public RO

!

route-map nonat permit 10

match ip address 110


Rgards

SAM

2 REPLIES
New Member

VPN between RV042 and Cisco 2801

Bump. Anyone sucessfully get past the "NO_PROPOSAL_CHOSEN" errors?

New Member

VPN between RV042 and Cisco 2801

Hi,

It looks like you are using the default hash for the crypto isakmp policy and that your connection is failing on the phase 1 negotiation.  The default hash on the crypto isakmp policy is sha.  On the 2801 try adding hash md5.

crypto isakmp policy 11

encr 3des

hash md5

authentication pre-share

group 2

lifetime 28800

Let me know if that helps.

Thank you,

Jason NIckle

1234
Views
5
Helpful
2
Replies
CreatePlease login to create content