Dear Experts,

I am trying to run IKE Phase I in Aggressive mode using ISAKMP Profiles; however, I am not able to get why it doesn't work. When running the debugs, I see that it can't run AGGRESSIVE mode and it can't find a PSK or cert despite the fact that it exists. I would appreciate any input.

crypto isakmp key CISCO hostname XXXX <http://rack1r2.ine.com/>
crypto isakmp profile AGGRESSIVE
! This profile is incomplete (no match identity statement)
 keyring default
 self-identity fqdn
 initiate mode aggressive
!
crypto ipsec transform-set R1R2 esp-3des esp-md5-hmac
!
crypto map R1R2 isakmp-profile AGGRESSIVE
crypto map R1R2 10 ipsec-isakmp
 set peer 136.1.122.2
 set transform-set R1R2
 match address LO12

interface FastEthernet0/0
 ip address 136.1.121.1 255.255.255.0
 duplex auto
 speed auto
 crypto map R1R2

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Oct 8 04:54:52.071: ISAKMP:(0): SA request profile is AGGRESSIVE
Oct 8 04:54:52.071: ISAKMP: Created a peer struct for 136.1.122.2, peer port 500
Oct 8 04:54:52.071: ISAKMP: New peer created peer = 0x83D50508 peer_handle = 0x80000010
Oct 8 04:54:52.075: ISAKMP: Locking peer struct 0x83D50508, refcount 1 for isakmp_initiator
Oct 8 04:54:52.075: ISAKMP: local port 500, remote port 500
Oct 8 04:54:52.075: ISAKMP: set new node 0 to QM_IDLE
Oct 8 04:54:52.075: insert sa successfully sa = 83DE56A8
Oct 8 04:54:52.075: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 8 04:54:52.079: ISAKMP:(0): No Cert or pre-shared address key.
Oct 8 04:54:52.079: ISAKMP:(0): construct_initial_message: Can not start Main mode
Oct 8 04:54:52.079: ISAKMP: Unlocking peer struct 0x83D50508 for isadb_unlock_peer_delete_sa(), count 0
Oct 8 04:54:52.079: ISAKMP: Deleting peer node by peer_reap for 136.1.122.2: 83D50508
Oct 8 04:54:52.079: ISAKMP:(0):purging SA., sa=83DE56A8, delme=83DE56A8
Oct 8 04:54:52.079: ISAKMP:(0):purging node -1397275558
Oct 8 04:54:52.083: ISAKMP: Error while processing SA request: Failed to initialize SA
Oct 8 04:54:52.083: ISAKMP: Error while processing KMI message 0, error 2.
Oct 8 04:54:52.083: IPSEC(key_engine): got a queue event with 1 KMI message(s)

Thanks
Best Regards
--
KJ
