[c-nsp] asa ipsec problem
Peter Rathlev
peter at rathlev.dk
Tue Jun 3 12:53:08 EDT 2008
On Tue, 2008-06-03 at 13:49 +0300, Sergey Alexanov wrote:
> 2008/6/3 Peter Rathlev <peter at rathlev.dk>:
> > On Mon, 2008-06-02 at 14:45 +0300, Sergey Alexanov wrote:
> > > Jun 02 03:18:07 [IKEv1]: IKE Initiator unable to find policy: Intf
> > > inside, Src: 192.168.56.1, Dst: 192.168.55.55
<snip>
> ISR# sh run
> Current configuration : 4833 bytes
> !
> version 12.4
> <snip>
> crypto isakmp policy 10
> encr 3des
> hash md5
> authentication pre-share
> group 2
> !
> !
> crypto isakmp key KEY1 address x.x.x.56
> !
> crypto map VPN_MAP1 1 ipsec-isakmp
> set peer x.x.x.56
> set transform-set ESP-AES-MD5
> match address NET-192-168
> !
<snip>
> crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac
<snip>
> isakmp policy 1 authentication pre-share
> isakmp policy 1 encryption 3des
> isakmp policy 1 hash md5
> isakmp policy 1 group 2
> isakmp policy 1 lifetime 86400
The only thing I can think of would be that your ISAKMP policies don't
match your transform sets. I don't know why it would work one way though.
Otherwise it might be CSCsk39154 (for 8.x) or mayby CSCsj80196.
Are you using dynamic maps for a specific reason? You seem to specify
all the required parameters for a static map.
Regards,
Peter
More information about the cisco-nsp
mailing list