Hi all I was trying to bring an IPSec Lan to Lan connection between two ASAs but in vain it didn't come up. Since, the debugs was not enough to troubleshoot, I switched the IPSec between an ASA and router.
The following was the debug crypto isakmo Feb 10 21:24:58.508: ISAKMP: default group 1 Feb 10 21:24:58.508: ISAKMP: encryption 3DES-CBC Feb 10 21:24:58.508: ISAKMP: keylength of 56797 Feb 10 21:24:58.508: ISAKMP: hash SHA Feb 10 21:24:58.508: ISAKMP: auth pre-share Feb 10 21:24:58.508: ISAKMP: life type in seconds Feb 10 21:24:58.508: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 Feb 10 21:24:58.508: ISAKMP:(0):Unexpected key length attribute Feb 10 21:24:58.508: ISAKMP:(0):atts are not acceptable. Next payload is 0 Feb 10 21:24:58.508: ISAKMP:(0):no offers accepted! I have never seen this issue, hope it doesn't come in the lab. We can't do anything about the keylength that is being exchanged in DH exchange :-( With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
