01-22-2009 01:12 AM - edited 02-21-2020 04:07 PM
Hi Guys,
I'm trying to setup IPSec with HSRP but I'm having some problems.
I have a single router TEST_R3 acting as a client on an unknown IP address.
I have 2 routers TEST_R0 and TEST_R1 acting as end points, both configured with a HSRP group called REDUNDANT2.
TEST_R1 is the active router (TEST_R0 is actually switched off). The standby IP is 10.2.1.254
The client, TEST_R3 is configured to peer with the HSRP IP address.
When TEST_R3 attempts connectivity I receive the following error on TEST_R1:
*Mar 1 01:04:38.451: map_db_find_best did not find matching map
*Mar 1 01:04:38.455: IPSEC(validate_transform_proposal): no IPSEC cryptomap exists for local address 10.2.1.254
*Mar 1 01:04:38.467: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 99.0.0.3
It says something about invalid transform sets yet I assure you there are valid matching sets configured on each end. So I suppose my question is, what is this error trying to tell me?
I've attached relevant config for each device.
TIA
Scott
01-22-2009 01:14 AM
Sorry guys, screwed up on those attachments. The file name depicts the correct device. So file 1 is R3, file 2 is R1
01-27-2009 08:12 PM
Just bumping this up.
If my setup is hard to understand, I can post the GNS3 .net file, or preferably, someone could post me their working setup with configs and leave me to figure it out from there.
Cheers
Scott
01-28-2009 06:08 AM
Have you tried removing the crypto map from the interface, and clearing all the crypto states "clear crypto sa" "clear crypto isakmp" then applying the crypto map again?
I remember I had this issue long ago, and I think it was an issue with the hsrp configuration, can remember what exactly, so try to go over the configuraiton again.
02-01-2009 01:21 PM
Thanks Ivan. I've give nthat a go but no luck unfortunately. I've found some more examples just now that have slightly diffrerent config. I'll try them when I get home. Let you know what I find.
Rgds
Scott
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: