Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN SRP521W to IOS 12.4 problem

Hello,

I have a problem with setting up a Site-to-Site VPN between a SRP521(dynamic IP) and a 3640 IOS Router(static IP).

SRP network: 192.168.50.0/24

IOS network: 192.168.2.0/24

Phase 1 IKE works good, but with Phase 2 IPsec I always get an error:

Nov 16 16:38:13.793: ISAKMP:(0:4:SW:1):atts are acceptable.

Nov 16 16:38:13.793: ISAKMP:(0:4:SW:1): IPSec policy invalidated proposal

Nov 16 16:38:13.793: ISAKMP:(0:4:SW:1): phase 2 SA policy not acceptable!

About the devices:

SRP521W : FW 1.01.24

3640: IOS c3640-ik9o3s-mz.124-21.bin

I attached the config screenshots from the SRP521. The IOS config is here:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 28800

crypto isakmp key SECURITY address 0.0.0.0 0.0.0.0

!

!

crypto ipsec transform-set rtpset esp-3des esp-sha-hmac

!

crypto dynamic-map rtpmap 10

set transform-set rtpset

set pfs group2

match address 115

!

!

crypto map rtptrans 10 ipsec-isakmp dynamic rtpmap

access-list 115 permit ip 192.168.2.0 0.0.0.255 192.168.50.0 0.0.0.255

Thank!

- Please rate helpful posts -
Everyone's tags (5)
608
Views
0
Helpful
0
Replies
CreatePlease to create content