Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

2801 ios advipservices.123-14.T6 problem with vpn client but 1760 no proble

2801 ios advipservices.123-14.T6 problem with vpn client but 1760 no problem with vpn client.

I have a lab with router 1760 and the same version of ios, my surprise it works without problem... ummm

Maybe the router or ios (2801) have a problem.

When tried connect to office with vpn client 4.8 not connect a logg this error with router debug:

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 13 against priority 1 policy

Mar 14 16:21:08 GMT: ISAKMP: encryption DES-CBC

Mar 14 16:21:08 GMT: ISAKMP: hash MD5

Mar 14 16:21:08 GMT: ISAKMP: default group 2

Mar 14 16:21:08 GMT: ISAKMP: auth XAUTHInitPreShared

Mar 14 16:21:08 GMT: ISAKMP: life type in seconds

Mar 14 16:21:08 GMT: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):Xauth authentication by pre-shared key offered but does not match policy!

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 3

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 14 against priority 1 policy

Mar 14 16:21:08 GMT: ISAKMP: encryption DES-CBC

Mar 14 16:21:08 GMT: ISAKMP: hash MD5

Mar 14 16:21:08 GMT: ISAKMP: default group 2

Mar 14 16:21:08 GMT: ISAKMP: auth pre-share

Mar 14 16:21:08 GMT: ISAKMP: life type in seconds

Mar 14 16:21:08 GMT: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):Preshared authentication offered but does not match policy!

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):Hash algorithm offered does not match policy!

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):atts are not acceptable. Next payload is 0

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0):no offers accepted!

Mar 14 16:21:08 GMT: ISAKMP:(0:0:N/A:0): phase 1 SA policy not acceptable!

This is the partial configuration:

aaa new-model

!

!

aaa authentication password-prompt "Enter the password:"

aaa authentication username-prompt "Enter the user:"

aaa authentication login userauthentication local

aaa authorization network groupauthor local

!

aaa session-id common

!

username xxxx privilege 15 password 7 xxxxxx

!

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

group 2

!

crypto isakmp policy 2

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxx address 0.0.0.0 0.0.0.0 no-xauth

no crypto isakmp ccm

!

crypto isakmp client configuration group vpnsa

key xxxxx

dns 207.x.x.x

domain ms.mnet.com.mx

pool remotas

acl 105

netmask 255.255.255.0

!

crypto ipsec security-association lifetime seconds 28800

!

crypto ipsec transform-set vpn esp-des esp-md5-hmac

crypto ipsec transform-set vpn2 esp-3des esp-sha-hmac

crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 3

set transform-set vpn vpn2

reverse-route

!

crypto dynamic-map datos 1

set transform-set vpn

match address 102

!

!

crypto map servicios client authentication list userauthentication

crypto map servicios isakmp authorization list groupauthor

crypto map servicios client configuration address respond

crypto map servicios 1 ipsec-isakmp dynamic datos

crypto map servicios 3 ipsec-isakmp dynamic dynmap

!

277
Views
0
Helpful
0
Replies