Cisco Support Community

New Member

VPN tunnel problem with PIX506e with IOS 6.3 ver

Hi,

I have a PIX506e with IOS 6.3 and am trying to create a VPN tunnel with a Netscreen204 firewall. On the Netscreen side, they have chosen pre-g2-3des-md5 as the phase 1 proposal and nopfs-esp-3des-md5 as the phase 2 proposal. The VPN tunnel is not getting established with the Netscreen 204. What are the equivalent parameters I have to choose for phase 1 and phase 2 on the PIX side?

Appreciate your quick reply.

Regards,

Raju

3 REPLIES
Gold

Re: VPN tunnel problem with PIX506e with IOS 6.3 ver

Phase I.

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

Phase II.

crypto ipsec transform-set set_name esp-3des esp-md5-hmac

M.

Hope that helps; rate if it does.

New Member

Re: VPN tunnel problem with PIX506e with IOS 6.3 ver

Thanks M for your quick reply. To give a quick , in Netscreen side, user is getting the following error in the log.

Phase 1: Main mode negotiations have failed.

Phase-1: no user configuration was found for the received IKE ID type: FQDN,2

New Member

Re: VPN tunnel problem with PIX506e with IOS 6.3 ver

Hi,

There is a peer authentication problem in IKE phase I.

Did you set the pre-shared key on the PIX?

isakmp key <pre-shared-key> address <peer-ip> netmask 255.255.255.255

Also you have to set the same pre-shared key on the netscreen.

I hope this will help

Good work!
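
A complete PIX 6.3 site-to-site configuration that combines the commands from the replies above, as an added example that is not part of the original thread. The peer address 192.0.2.2, the networks 10.1.1.0/24 and 10.2.2.0/24, ACL 101, the crypto map name vpnmap and the key placeholder are assumptions; the `isakmp identity address` line assumes the Netscreen gateway identifies this peer by IP address, which is relevant because the log above shows it received an IKE ID of type FQDN.

```cisco
: Added example, not from the thread. Addresses, ACL number, map name
: and key are placeholders (assumptions); replace them with real values.

: Traffic to protect: local LAN -> remote LAN (must mirror the Netscreen policy)
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

: Do not NAT the protected traffic, and let decrypted IPSec traffic bypass conduits/ACLs
nat (inside) 0 access-list 101
sysopt connection permit-ipsec

: Phase 2, Netscreen proposal nopfs-esp-3des-md5:
: ESP with 3DES and MD5-HMAC. "nopfs" means no "set pfs" line in the crypto map.
crypto ipsec transform-set set_name esp-3des esp-md5-hmac
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 192.0.2.2
crypto map vpnmap 10 set transform-set set_name
crypto map vpnmap interface outside

: Phase 1, Netscreen proposal pre-g2-3des-md5:
: pre-shared key, DH group 2, 3DES, MD5
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2

: Same pre-shared key on both gateways, bound to the Netscreen's address
isakmp key <pre-shared-key> address 192.0.2.2 netmask 255.255.255.255

: Send the PIX's IP address as its IKE identity instead of its hostname (FQDN).
: Assumption: the Netscreen gateway definition expects an IP-address IKE ID.
isakmp identity address
```

After applying it, `show isakmp sa` and `show crypto ipsec sa` on the PIX show whether phase 1 and phase 2 have come up.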
