VPN IPSEC connection between a cisco 17xx and Nortel vpn box

 
 
Joris Deschacht
      10-16-2003
I've already set up 3 identical connections, but the fourth just won't
come up.

I use a Cisco 17xx to connect to the Nortel box.

crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key $$$$$ address xxx.xxx.xxx.xxx
crypto ipsec transform-set TRANSFORM_VPN esp-3des esp-md5-hmac
!
crypto map ENCRYPT_DAF 1 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set TRANSFORM_VPN
set pfs group1
match address 191

Crypto policy on the Nortel VPN Box:
- Encr : 3des
- Hash : md5
- Authentication pre-share

All I see in the debug is "notify has no hash, rejected", while I'm
sure we both use the same settings!!!

>sh ver

Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.2(15)T2, RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 01-May-03 09:47 by nmasa
Image text-base: 0x80008120, data-base: 0x80FB8EB8

ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
uptime is 23 hours, 29 minutes
System returned to ROM by reload
System image file is "flash:c1700-k9o3sy7-mz.122-15.T2.bin"

Please see the debug below.


23:23:24: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= wan ip, remote= remote peer,
local_proxy= 172.29.0.0/255.255.0.0/0/0 (type=4),
remote_proxy= 195.69.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x48409B11(1212193553), conn_id= 0, keysize= 0, flags= 0x400B
23:23:24: ISAKMP: received ke message (1/1)
23:23:24: ISAKMP (0:0): SA request profile is (NULL)
23:23:24: ISAKMP: local port 500, remote port 500
23:23:24: ISAKMP: set new node 0 to QM_IDLE
23:23:24: ISAKMP: insert sa successfully sa = 81C03030
23:23:24: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.
23:23:24: ISAKMP: Looking for a matching key for remote peer in default : success
23:23:24: ISAKMP (0:1): found peer pre-shared key matching remote peer
23:23:24: ISAKMP (0:1): constructed NAT-T vendor-03 ID
23:23:24: ISAKMP (0:1): constructed NAT-T vendor-02 ID
23:23:24: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
23:23:24: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1

23:23:24: ISAKMP (0:1): beginning Main Mode exchange
23:23:24: ISAKMP (0:1): sending packet to remote peer my_port 500 peer_port 500 (I) MM_NO_STATE
23:23:24: ISAKMP (0:1): received packet from remote peer dport 500 sport 500 Global (I) MM_NO_STATE

23:23:24: ISAKMP (0:1): Notify has no hash. Rejected.

23:23:24: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
23:23:24: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM1
23:23:54: IPSEC(key_engine): request timer fired: count = 1,
(identity) local= wan ip, remote= remote peer,
local_proxy= 171.11.0.0/255.255.0.0/0/0 (type=4),
remote_proxy= 195.69.0.0/255.255.0.0/0/0 (type=4)
23:23:54: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= wan ip, remote= remote peer,
local_proxy= 171.11.0.0/255.255.0.0/0/0 (type=4),
remote_proxy= 195.69.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x22BAADFE(582659582), conn_id= 0, keysize= 0, flags= 0x400B
23:23:54: ISAKMP: received ke message (1/1)
23:23:54: ISAKMP: set new node 0 to QM_IDLE
23:23:54: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it.

Maybe someone has an idea??

greetings,

Joris
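
Added example, not part of the original post: at IKE_I_MM1 no keys exist yet, so a notify from the peer cannot carry a hash, and one thing worth checking is whether the Phase 1 proposal the router actually sends matches the peer. The sketch below fills in the attributes the posted policy leaves unset with IOS defaults (an assumption for this 12.2 image, stated in the code) and compares the result with the Nortel settings listed in the post; the function names are hypothetical.

```python
import re

# Assumption: IOS 12.2 defaults for attributes an ISAKMP policy does not set.
IOS_DEFAULTS = {"encryption": "des", "hash": "sha", "authentication": "rsa-sig",
                "group": "1", "lifetime": "86400"}

# Constructed input: the ISAKMP part of the configuration as posted.
CISCO_CONFIG = """\
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key $$$$$ address xxx.xxx.xxx.xxx
"""

# Nortel side as listed in the post (only these three values are given).
NORTEL_PHASE1 = {"encryption": "3des", "hash": "md5", "authentication": "pre-share"}

def effective_policies(config):
    """Return {priority: attrs} with defaults filled in for unset attributes."""
    policies, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(IOS_DEFAULTS))
            continue
        if not line or line.startswith(("crypto ", "!")):
            current = None  # any other top-level command ends the policy block
            continue
        if current is not None:
            parts = line.split()
            # IOS accepts abbreviations such as "encr 3des"
            key = "encryption" if parts[0].startswith("encr") else parts[0]
            if key in IOS_DEFAULTS and len(parts) > 1:
                current[key] = parts[1]
    return policies

def mismatches(policy, peer):
    """List (attribute, local, peer) for each stated peer attribute that differs."""
    return [(k, policy[k], v) for k, v in peer.items() if policy.get(k) != v]

if __name__ == "__main__":
    for prio, attrs in effective_policies(CISCO_CONFIG).items():
        for attr, local, peer in mismatches(attrs, NORTEL_PHASE1):
            print(f"policy {prio}: {attr} local={local} peer={peer}")
```

On the router itself, `show crypto isakmp policy` lists the same effective values, defaults included.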
 