Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
1
Replies

Issue with DMVPN from 877W to 1841

cisco
Level 1
Level 1

‎03-18-2009 09:42 PM - edited ‎02-21-2020 04:11 PM

I am trying to connect an 877W to an 1841 via DMVPN. An existing connection with 857W works fine using the same configuration (different tunnel IP etc)

When I debug the crypto engine I get ...

000097: Mar 19 14:26:39.058 Brisban: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

000098: Mar 19 14:26:39.062 Brisban: select crypto engine: ce_engine[3] does not accept the capabilities

Would anyone have an suggestions what could be causing this?

Labels:
0 Helpful
1 Reply 1

cisco
Level 1
Level 1

‎03-18-2009 09:50 PM

Some configs:

The 877W

crypto isakmp policy 99

authentication pre-share

crypto isakmp key secret address 0.0.0.0 0.0.0.0

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 10

crypto isakmp nat keepalive 20

!

!

crypto ipsec transform-set trans99 esp-des esp-md5-hmac comp-lzs

mode transport

!

crypto ipsec profile vpnprof

set transform-set trans99

Tunnel99

tunnel protection ipsec profile vpnprof

sh crypto engine configuration

crypto engine name: Virtual Private Network (VPN) Module

crypto engine type: hardware

State: Enabled

Location: onboard 0

Product Name: Onboard-VPN

FW Version: 1

Time running: 2930 seconds

Compression: Yes

DES: Yes

3 DES: Yes

AES CBC: Yes (128,192,256)

AES CNTR: No

Maximum buffer length: 4096

Maximum DH index: 0020

Maximum SA index: 0020

Maximum Flow index: 0040

Maximum RSA key size: 0000

crypto lib version: 20.0.0

crypto lib version: 20.0.0

The 1841

crypto isakmp policy 99

authentication pre-share

crypto isakmp key secret address 0.0.0.0 0.0.0.0

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 10

crypto isakmp nat keepalive 20

!

!

crypto ipsec transform-set trans99 esp-des esp-md5-hmac comp-lzs

mode transport

!

crypto ipsec profile vpnprof

set transform-set trans99

Tunnel99

tunel protection ipsec profile vpnprof

sh crypto engine configuration

crypto engine name: Virtual Private Network (VPN) Module

crypto engine type: hardware

State: Enabled

Location: onboard 0

Product Name: Onboard-VPN

HW Version: 1.0

Compression: Yes

DES: Yes

3 DES: Yes

AES CBC: Yes (128,192,256)

AES CNTR: No

Maximum buffer length: 4096

Maximum DH index: 0000

Maximum SA index: 0000

Maximum Flow index: 0300

Maximum RSA key size: 0000

crypto lib version: 19.0.0

crypto engine in slot: 0

platform: VPN hardware accelerator

Crypto Adjacency Counts:

Lock Count: 14086

Unlock Count: 14086

crypto lib version: 19.0.0

0 Helpful
Customers Also Viewed These Support Documents