
VPN errors, not connecting

I have a router that I am trying to put in place of a working VPN concentrator to a remote site.

The tunnel is up and working on the concentrator.

Can someone check my config to see if there are any glaring errors?

The concentrator is configured for the following:

Authentication: ESP/SHA/HMAC-160

Encryption: 3DES-168

IKE Proposal: IKE-3DES-SHA-PSK

When I put the router in place of the concentrator, I get the following errors from debug:

*Aug 9 12:28:26.147: ISAKMP: received ke message (3/1)

*Aug 9 12:28:26.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849

*Aug 9 12:28:31.147: ISAKMP: received ke message (3/1)

*Aug 9 12:28:31.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849

*Aug 9 12:28:36.147: ISAKMP: received ke message (3/1)

*Aug 9 12:28:36.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849

*Aug 9 12:28:41.147: ISAKMP: received ke message (3/1)

*Aug 9 12:28:41.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa)

*Aug 9 12:29:36.615: %CRYPTO-4-IKMP_NO_SA: IKE message from 2.2.4.6 has no SA and is not an initialization offer

3 REPLIES

Re: VPN errors, not connecting

Hi

Can you try keying in this command in your router config?

crypto map map-name local-address interface-id

interface id will be your outside interface where you are applying the crypto map.

Also can you post the config of your pix firewall here so that the same can be checked.

Regards


Re: VPN errors, not connecting

Hi,

I suspect the problem is with the authentication proposal. Please change to MD5 from SHA in both the IKE and IPSec proposals on both sides.

Thanks,

Mustafa


Re: VPN errors, not connecting

I believe that initial setup for Phase One is missing an acl for esp and isakmp:

access-list 110 permit udp host 2.2.4.6 host 4.7.6.2 eq isakmp

access-list 110 permit esp host 2.2.4.6 host 4.7.6.2

and adding ip access-group 110 in

under the external address.

Good luck
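Added example, not part of the thread or any poster's code: a small triage script for the debug output in the original question. It groups the "no ISAKMP sa" messages by peer and SPI and measures how often they repeat; the names `triage` and `SAMPLE` are made up for this illustration, and the sample lines are the ones posted above with the wrapped lines rejoined.

```python
import re
from collections import Counter
from datetime import datetime

# Debug lines from the question (wrapped lines rejoined).
SAMPLE = """\
*Aug 9 12:28:26.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:26.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849
*Aug 9 12:28:31.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:31.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849
*Aug 9 12:28:36.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:36.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 4.7.6.2 dst 2.2.4.6 for SPI 0x140FA849
*Aug 9 12:28:41.147: ISAKMP: received ke message (3/1)
*Aug 9 12:28:41.147: ISAKMP: ignoring request to send delete notify (no ISAKMP sa)
*Aug 9 12:29:36.615: %CRYPTO-4-IKMP_NO_SA: IKE message from 2.2.4.6 has no SA and is not an initialization offer
"""

LINE = re.compile(r"^\*(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d{3}): (.*)$")
NO_SA_DELETE = re.compile(
    r"ignoring request to send delete notify \(no ISAKMP sa\)"
    r"(?: src (\S+) dst (\S+) for SPI (0x[0-9A-Fa-f]+))?")
NO_SA_MSG = re.compile(r"%CRYPTO-4-IKMP_NO_SA: IKE message from (\S+) has no SA")

def triage(text):
    """Summarise 'no ISAKMP SA' symptoms found in IOS crypto debug output."""
    spis, peers, stamps = Counter(), Counter(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped debug line
        ts, msg = m.groups()
        d = NO_SA_DELETE.search(msg)
        n = NO_SA_MSG.search(msg)
        if d:
            # The log carries no year; a constant one is enough to compute gaps.
            stamps.append(datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S.%f"))
            if d.group(3):  # src/dst/SPI are absent on some lines
                spis[(d.group(2), d.group(3))] += 1
        elif n:
            peers[n.group(1)] += 1
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return {"dropped_deletes": len(stamps), "spis": dict(spis),
            "no_sa_peers": dict(peers), "retry_gaps": gaps}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted output, every dropped delete notify that names a destination names 2.2.4.6, the same address that the IKMP_NO_SA message reports as sending IKE traffic without an SA.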
