09-21-2014 05:21 AM - edited 02-21-2020 07:50 PM
hello,
i am trying to connect cisco 2911 router with noncisco routers (HP, TPlink) using site-to-site ipsec vpn with crypto-maps.
the problem is that vpn traffic shows "#send errors" if command "crypto isakmp identity dn" is used (we are using it for certificate based authentication for cisco vpn clients). when i delete the command, vpn works fine with noncisco devices.
please can you advice if there is any option on cisco ios to solve the problem.
thanks
giga
Solved! Go to Solution.
09-22-2014 02:11 AM
okay,
try using isakmp profile, something like below:
crypto isakmp profile test
match identity address 1.1.1.1 255.255.255.255
now under crypto map call the isakmp profile as below:
crypto map test 1 ipsec-isakmp test
-Altaf
09-22-2014 01:23 AM
Hi,
Can you try using this command instead of the above:
crypto isakmp identity auto
09-22-2014 01:30 AM
Hi,
thank for reply
unfortunately ios doesn't have AUTO command, it has only ADDRESS, DN and HOSTNAME .
giga
09-22-2014 02:11 AM
okay,
try using isakmp profile, something like below:
crypto isakmp profile test
match identity address 1.1.1.1 255.255.255.255
now under crypto map call the isakmp profile as below:
crypto map test 1 ipsec-isakmp test
-Altaf
09-22-2014 03:41 AM
thanks Altaf, you gave me right way for problem solution.
this configuration of crypto isakmp profile works fine for me:
crypto isakmp profile test
keyring test
self-identity address
match identity address x.x.x.x 255.255.255.255
giga
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide