Hello,
I am able to complete Phase 1 (Main Mode) IPSEC negotiation, but Phase 2 ("quick mode") will not complete. From the Cisco debug logs, I can see that it fails due to "proxies not supported"....
I have searched the forums, and I found someone with the exact problem I had, but no one ever responded. I have also seen posts by others who say they have completed *many* CiscoAstaro VPN tunnels, but they neglected to post a working sample configuration.
Here are the Astaro Policy (custom) settings:
ISAKMP Settings
============
IKE Mode: Main Mode
Encryption Algorithm: AES 128bit
Authentication Algorithm: SHA1 160bit
IKE DH Group: DH Group 2 (MODP1024)
SA Lifetime (secs): 86400
IPSEC Settings
===========
IPSec Mode: Tunnel
IPSEC Protocol: ESP
Encryption Algorithm: AES 128bit
Enforce Algorithms: Off
Authentication Algorithm: SHA1 160bit
SA Lifetime (secs): 3600
PFS: No PFS
Compression: Off
Here are the Cisco IOS Router Settings:
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key privatekey123! address 14.126.64.43 no-xauth
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto map aptmap 1 ipsec-isakmp
set peer 14.126.64.43
set transform-set myset
match address 110
If anyone can see a problem with any of this, or provide a sample working config (cleaned, of course) from your own stash, then it would be greatly appreciated! Once again, the IKE Main Mode is complete. However, Phase two fails.... No detailed error messages exist on the Astaro side.
Thank you....
-WW
This thread was automatically locked due to age.
