interface Virtual-Template2 type tunnel tunnel protection ipsec profile ipsec_prof
2011/3/5 Bruno <[email protected]> > Hey guys, > > I've been trying to get this stuff working a while and no luck. I am > thinking it`s no possible but would like some insights > > R1 <> ASA <> R2 > > R1 > interface Tunnel100 > ip address 1.1.1.1 255.255.255.0 > tunnel source FastEthernet0/0 > tunnel destination 136.1.122.2 > tunnel mode ipsec ipv4 > tunnel protection ipsec profile ipsec_prof > > R2 initially had the same config and it worked just fine. Then I changed > the configuration on R2 to DVTI > interface Virtual-Template2 type tunnel > ip address 1.1.1.2 255.255.255.0 > tunnel source FastEthernet0/0 > tunnel mode ipsec ipv4 > > The interesting is that as soon as I configured *"tunnel destination*" > pointing to R1 it works. But that's exactly what I do not want to do, > supposing R1 had dynamic ip, it should work without destination address. > > The log is: > IPSec policy invalidated proposal with error 8 > Mar 2 07:20:35.303: ISAKMP:(1013): phase 2 SA policy not acceptable! > (local 136.1.122.2 remote 136.1.121.1) > Mar 2 07:20:35.303: ISAKMP: set new node 1645030739 to QM_IDLE > Mar 2 07:20:35.311: ISAKMP:(1013):Sending NOTIFY PROPOSAL_NOT_CHOSEN > protocol 3 > > Any idea is welcome. > > Cisco DOC for VTI > > http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html > > -- > Bruno Fagioli (by Jaunty Jackalope) > Cisco Security Professional > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
