Re: problem wthi VPN encryption

infodesa1 · ‎07-10-2008

Hi,

I have a cisco router 2800, and i want to stablish an vpn encrypted connection with an ASA 5520 (property of a client of my own company)but i can't do it.

I have checked the configurations and the debugs, but I do not see where the mistake can be.

I attach the configuration and the debug gathered in c2800.

Thanks and regards.

a.alekseev · ‎07-10-2008

show full config....

JORGE RODRIGUEZ · ‎07-10-2008

Check the transform set configuration, both sides should be indentical..

*Jul 10 16:44:03.589: ISAKMP:(0:1:SW:1): hash verification failed for -1273054243!

Jorge Rodriguez

infodesa1 · ‎07-11-2008

The transform-set is equal in both sides, I am sure enough of it.

Which can be the meaning and the reason of this line in the debug? Don't you see anything that could be important?

Thanks and regards.

infodesa1 · ‎07-11-2008

I have continued checking the connection vpn and I have seen that the behavior is different if the traffic it generates by the ASA or by the c2800.

I attach the debug with the results of initiating the traffic from c2800.

at · ‎07-14-2008

hi,

check the traffic which you want to encrypt, should be the same on both sides. Also take a look that you do not nat this traffic (asa side) !

look at this example :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805e8c80.shtml

regards

alex

a.alekseev · ‎07-14-2008

local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),

remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),

what is your crypto ACL on both sides?