crypto map problem on 1700

Discussion in 'Cisco' started by jcharth, Sep 6, 2005.

  1. jcharth

    jcharth Guest

    Hello, I have several crypto maps connecting a PIX and 6 1700 routers. One
    of my 1700 routers shows this error and the tunnels get disconnected and
    reconnected. Can anyone see the problem here?
    thanks

    02:17:40: ISAKMP (0:3): received packet from x.x.x.x(R) QM_IDLE
    02:17:40: ISAKMP (0:3): processing HASH payload. message ID = 82696062
    02:17:40: ISAKMP (0:3): processing SA payload. message ID = 82696062
    02:17:40: ISAKMP (0:3): Checking IPSec proposal 1
    02:17:40: ISAKMP: transform 1, ESP_3DES
    02:17:40: ISAKMP: attributes in transform:
    02:17:40: ISAKMP: encaps is 1
    02:17:40: ISAKMP: SA life type in seconds
    02:17:40: ISAKMP: SA life duration (basic) of 3600
    02:17:40: ISAKMP: SA life type in kilobytes
    02:17:40: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
    02:17:40: ISAKMP: authenticator is HMAC-MD5
    02:17:40: ISAKMP (0:3): atts are acceptable.
    02:17:40: ISAKMP (0:3): IPSec policy invalidated proposal
    02:17:40: ISAKMP (0:3): phase 2 SA not acceptable!
    02:17:40: ISAKMP (0:3): sending packet to x.x.x.x (R) QM_IDLE
    02:17:40: ISAKMP (0:3): purging node 1829095077
    02:17:40: ISAKMP (0:3): Unknown Input for node 82696062: state =
    IKE_QM_READY, major = 0x00000001, minor = 0x0000000C
     
    jcharth, Sep 6, 2005
    #1

  2. :Hello, I have several crypto maps connecting a PIX and 6 1700 routers. One
    :of my 1700 routers shows this error and the tunnels get disconnected and
    :reconnected. Can anyone see the problem here?

    :02:17:40: ISAKMP: transform 1, ESP_3DES
    :02:17:40: ISAKMP: authenticator is HMAC-MD5

    The PIX no longer supports 3DES MD5, if I recall correctly.
    Try switching to 3DES SHA.

    If 3DES MD5 is working for you on some PIX but not the one in question,
    check to see if the one it is failing on is a newer software release.
     
    Walter Roberson, Sep 6, 2005
    #2
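
Added example, not part of either post: a small Python parser that summarizes each quick-mode negotiation in ISAKMP debug output like the log in the first post, pulling out the proposed transform, authenticator and lifetimes and recording whether the proposal was rejected on its attributes or by the IPSec policy check. The function name, dictionary keys and the `rejected_by` labels are this example's own choices, and the sample input is copied from the posted log.

```python
import re

# Constructed sample: debug lines as posted in the thread (peer address masked there).
SAMPLE = """\
02:17:40: ISAKMP (0:3): processing SA payload. message ID = 82696062
02:17:40: ISAKMP: transform 1, ESP_3DES
02:17:40: ISAKMP: encaps is 1
02:17:40: ISAKMP: SA life type in seconds
02:17:40: ISAKMP: SA life duration (basic) of 3600
02:17:40: ISAKMP: SA life type in kilobytes
02:17:40: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
02:17:40: ISAKMP: authenticator is HMAC-MD5
02:17:40: ISAKMP (0:3): atts are acceptable.
02:17:40: ISAKMP (0:3): IPSec policy invalidated proposal
"""

FIELDS = {"transform": r"transform \d+, (\S+)", "authenticator": r"authenticator is (\S+)",
          "encaps": r"encaps is (\d+)"}

def parse_quick_mode(text):
    """Return one summary dict per 'processing SA payload' negotiation."""
    out, cur, unit = [], None, None
    for line in text.splitlines():
        m = re.search(r"processing SA payload\. message ID = (-?\d+)", line)
        if m:
            cur = {"message_id": int(m.group(1)), "atts_acceptable": None, "rejected_by": None}
            out.append(cur)
            continue
        if cur is None:
            continue
        for key, pat in FIELDS.items():
            if (m := re.search(pat, line)):
                cur[key] = m.group(1)
        if (m := re.search(r"SA life type in (seconds|kilobytes)", line)):
            unit = m.group(1)  # applies to the duration line that follows
        elif (m := re.search(r"SA life duration \(basic\) of (\d+)", line)) and unit:
            cur["life_" + unit] = int(m.group(1))
        elif (m := re.search(r"SA life duration \(VPI\) of ((?:0x[0-9A-Fa-f]+\s*)+)", line)) and unit:
            octets = bytes(int(b, 16) for b in m.group(1).split())  # big-endian bytes
            cur["life_" + unit] = int.from_bytes(octets, "big")
        elif "atts are not acceptable" in line:
            cur["atts_acceptable"], cur["rejected_by"] = False, "attributes"
        elif "atts are acceptable" in line:
            cur["atts_acceptable"] = True
        elif "IPSec policy invalidated proposal" in line:
            cur["rejected_by"] = "ipsec_policy"
    return out
```

Running `parse_quick_mode` over the output captured on each end of a tunnel gives two summaries that can be compared field by field.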
