Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1552
Views
5
Helpful
2
Replies

VPN between RV042 and Cisco 2801

sili12345
Level 1
Level 1

‎12-19-2011 08:55 PM

HI

Kindly help me out. I'm configuring a p2p vpn between a cisco 2801 with IOS 12.3 and a linksys RV042. I'm getting following error on Linksys and Cisco respectively.



[Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet

Dec 19 02:40:42 2011     VPN Log    Received informational payload, type NO_PROPOSAL_CHOSEN

dst             src             state               conn-id     slot    status

x.x.x.x       x.x.x.x   MM_NO_STATE          0        0       ACTIVE

Below are my config:

Linksys RV042:

Keying Mode: IKE with Preshared Key

Phase1 DH Group: Group2

Phase1 Encryption: 3DES

Phase1 Authentication: MD5

Phase1 SA Life Time: 28800

Perfect forward secrecy : enabled

Phase2 DH Group: Group2

Phase2 Encryption: 3DES

Phase2 Authentication: MD5

Phase2 SA Life Time: 28800

Preshared Key: xxxxxx

Cisco 2801:

crypto isakmp policy 11

encr 3des

authentication pre-share

group 2

lifetime 28800

crypto isakmp key xxxxxx address xxxxxx

no crypto isakmp ccm

crypto ipsec transform-set STRONGER esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

set peer xxxxxx

set transform-set STRONGER

set pfs group2

match address 103

interface FastEthernet0/0

ip address 10.0.0.56 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

ip address xxxx xxxx

ip nat outside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

crypto map myvpn

ip nat pool branch xxxxxx xxxxx netmask 255.255.255.240

ip nat inside source route-map nonat pool branch overload

!

access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 110 deny   ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 110 permit ip 10.0.0.0 0.0.0.255 any

snmp-server community public RO

!

route-map nonat permit 10

match ip address 110


Rgards

SAM

Labels:
0 Helpful
2 Replies 2

cuchara61
Level 1
Level 1

‎09-17-2012 09:00 AM

Bump. Anyone sucessfully get past the "NO_PROPOSAL_CHOSEN" errors?

0 Helpful

janickle
Level 1
Level 1

‎09-17-2012 02:13 PM

Hi,

It looks like you are using the default hash for the crypto isakmp policy and that your connection is failing on the phase 1 negotiation.  The default hash on the crypto isakmp policy is sha.  On the 2801 try adding hash md5.

crypto isakmp policy 11

encr 3des

hash md5

authentication pre-share

group 2

lifetime 28800

Let me know if that helps.

Thank you,

Jason NIckle

Customers Also Viewed These Support Documents