Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN not working

I had a functioning VPN but noticed an erroneous static route (shouldn't have been there) so I removed it with 

no route outside 0 0 108.74.0.169 and then the VPN stopped functioning.

 

The errors Im seeing are: 

3Aug 20 201410:48:06     IP = 108.74.0.169, Error processing payload: Payload ID: 1

 

5Aug 20 201410:48:06     

Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

 

5Aug 20 201410:48:06     Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 1

 

If I change the group from 1 to 2 then the tunnel comes up

1   IKE Peer: 108.74.0.169
    Type    : L2L             Role    : responder 
    Rekey   : no              State   : MM_ACTIVE 

 

However I am still not able to see the other side or ping devices on the other side.

 

What do I need to do ?

 

2 REPLIES

Hi,Okay... Because the

Hi,

 

do you have connected your peers directly to each other? anyways thats okay....

Okay... Because the negotiation happening with group 2 ikevx/isakmp policy.... might be it negotiates with the default crypto ike/isakmp policy......

 

but anyways your phase 1 seems to be up and can you check on the phase 2 parameters?

 

sh crypto ipsec sa and check if encaps and decaps happening properly or not..

 

Regards

Karthik

New Member

issue on the phase2 only , if

issue on the phase2 only , if phase1 up itself you will get MM_Active message on the sh cry isakmp sa, but

check sh crypto ipsec sa nothing will be there. check the proxy ACL is corrrect.

if you can share config easy to find the problem

29
Views
0
Helpful
2
Replies