[c-nsp] IPSec between Cisco and D-Link

Tony Varriale tvarriale at comcast.net
Fri Dec 12 16:59:55 EST 2008


The transforms are fine and the debug says so.

The ACL/proxy setup is failing.

> 2d23h: ISAKMP (0:134217749): received packet from 217.x.x.x dport 500 sport
> 2d23h: ISAKMP:(0:21:SW:1): phase 2 SA policy not acceptable! (local 82.x.x.x remote 217.x.x.x)

> xxx#sh crypto map tag xxx
> Crypto Map "xxx" 10 ipsec-isakmp
>         Peer = 217.x.x.x
>         Extended IP access list 111
>             access-list 111 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255

Obviously 82.x and 217.x aren't the same as 192.168.200.0/24 and 
192.168.0.0/24

tv


----- Original Message ----- 
From: "Mario Spinthiras" <spinthiras.mario at gmail.com>
To: "Gamino, Rogelio (OCTO-Contractor)" <rogelio.gamino at dc.gov>
Cc: <cisco-nsp at puck.nether.net>; "twisted mac" <twist3dmac at gmail.com>
Sent: Friday, December 12, 2008 3:15 PM
Subject: Re: [c-nsp] IPSec between Cisco and D-Link


> I don't think that's the problem. It looks like the transform sets don't
> match. Don't forget that ACLs come prior to phase 2.
>
> Regards,
> Mario A. Spinthiras
> http://www.spinthiras.net/
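
Added example, not part of the original thread or either poster's code: a small Python check that derives the phase 2 proxy identities from the crypto ACL quoted above and compares them with the selectors configured on the other end. The peer values are constructed for illustration, and the check assumes the peer should propose the exact mirror image of the ACL.

```python
import ipaddress
import re

# Crypto ACL exactly as quoted in the thread (wrapped line rejoined).
THREAD_ACL = ("access-list 111 permit ip 192.168.200.0 0.0.0.255 "
              "192.168.0.0 0.0.0.255")

# access-list <n> permit ip <src> <src-wildcard> <dst> <dst-wildcard>
ACL_RE = re.compile(
    r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")


def wildcard_to_network(addr, wildcard):
    """Convert an address and IOS wildcard mask to an IPv4Network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # Proxy identities are subnets, so only contiguous wildcards are handled.
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix = 32 - wc.bit_length()
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix))


def proxy_ids(acl_line):
    """Return the (local, remote) proxy identities a crypto ACL line implies."""
    m = ACL_RE.search(acl_line)
    if not m:
        raise ValueError(f"unsupported ACL line: {acl_line!r}")
    src, src_wc, dst, dst_wc = m.groups()
    return wildcard_to_network(src, src_wc), wildcard_to_network(dst, dst_wc)


def check_peer(acl_line, peer_local, peer_remote):
    """List mismatches between the peer's selectors and our ACL's mirror image.

    Assumption: the peer must propose the exact mirror of the crypto ACL.
    """
    local, remote = proxy_ids(acl_line)
    problems = []
    if ipaddress.ip_network(peer_local) != remote:
        problems.append(f"peer local {peer_local} != our remote {remote}")
    if ipaddress.ip_network(peer_remote) != local:
        problems.append(f"peer remote {peer_remote} != our local {local}")
    return problems


if __name__ == "__main__":
    # Constructed peer settings: the second pair has a wrong remote network.
    print(check_peer(THREAD_ACL, "192.168.0.0/24", "192.168.200.0/24"))
    print(check_peer(THREAD_ACL, "192.168.0.0/24", "192.168.0.0/16"))
```
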


