I'm trying to configure a site-to-site VPN tunnel. I have a PIX 501, running 6.2(2). I clear Phase I, but not Phase II. My question is about transform sets. The vendor I'm working with is looking for one of the following 'sets': ESP-3DES-SHA esp-sha-hmac esp-3DES. I'm assuming that each of these are SETS and I need to have an EXACT match (e.g. ESP-3DES-SHA). When I try to configure the crypto ipsec transform-set, I only have these sets to work with:
Hey Asimalik, thanks for the quick reply. Correct me if I'm wrong, but the process would go something like this: the vendor has the list of SETs as stated above and during the Phase II process, it would check each of the sets for a match--if the first doesn't match, it moves to the second set, then the third. The second set I have configured is ESP-3DES, which the vendor lists as their third option/set. I would think this should work, yet I'm still failing at Phase II. Any thoughts?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...