Hi all I have encountered this issue many times during my practice. Either with IOS IPSec RA or L2L with ASA, if the tunnel doesn't come up and you observe the following O/P. Mostly you should not see the "key length" in the "debug crypto isakmp" O/P. If you do so, just write mem and reload the ASA.
Always, I have overcome the issue..... 6: ISAKMP: default group 2 6: ISAKMP: encryption 3DES-CBC 6: ISAKMP: keylength of 56797 6: ISAKMP: hash SHA 6: ISAKMP: auth pre-share 6: ISAKMP: life type in seconds 6: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 0: ISAKMP:(0):Authentication method offered does not match pol 0: ISAKMP:(0):atts are not acceptable. Next payload is 0 0: ISAKMP:(0):Checking ISAKMP transform 1 against priority 2 p 0: ISAKMP: default group 2 0: ISAKMP: encryption 3DES-CBC 0: ISAKMP: keylength of 56797 0: ISAKMP: hash SHA 0: ISAKMP: auth pre-share 0: ISAKMP: life type in seconds 4: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 4: ISAKMP:(0):Encryption algorithm offered does not match poli 4: ISAKMP:(0):atts are not acceptable. Next payload is 0 4: ISAKMP:(0):Checking ISAKMP transform 1 against priority 655 4: ISAKMP: default group 2 4: ISAKMP: encryption 3DES-CBC 4: ISAKMP: keylength of 56797 8: ISAKMP: hash SHA 8: ISAKMP: auth pre-share 8: ISAKMP: life type in seconds 8: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 8: ISAKMP:(0):Encryption algorithm offered does not match poli With regards KIngs
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
