I could bet you're offering either DES or group1 as phase1. Hardcode group2 and at least 3des for phase1.
On Wed, Jun 15, 2011 at 9:01 PM, Mark Senteza <[email protected]> wrote:

> Hey all,
>
> I'm having an issue that I can't figure out. I've done this config countless
> times and I successfully test the config. Today though I cannot bring the
> tunnel up and the Cisco VPN Client login screen to pop up which usually
> confirms to me that at the very least the connection is establishing and is
> awaiting Phase 1.5.
>
> This is the error message that I get:
>
> *%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 10.100.22.10*
>
> The layout is as follows:
>
> ------subnet 10.100.10.0/24------------------fa0/0.10-*R1*-fa0/0.11 (10.100.11.1)--------------*SW01*--Vlan22 (10.100.22.11)-----------------|----------------------*TEST PC*(10.100.22.10)
>
> The EZVPN Server (R1) config is:
>
> ip local pool EZVPN 20.0.0.1 20.0.0.254
>
> ip access-list standard SPLIT-TUNNEL
>  permit 10.100.10.0 0.0.0.255
>
> aaa authentication login EZVPN local
> aaa authorization exec EZVPN local
>
> crypto isakmp policy 10
>  encr 3des
>  hash md5
>  authentication pre-share
>  group 2
>
> crypto isakmp client configuration group EZVPN
>  key CISCO
>  pool EZVPN
>  acl SPLIT-TUNNEL
>
> crypto isakmp profile EZVPN-ISAKMP-PROFILE
>  match identity group EZVPN
>  client authentication list EZVPN
>  isakmp authorization list EZVPN
>  client configuration address respond
>
> crypto ipsec transform-set EZVPN esp-3des esp-md5-hmac
>
> crypto dynamic-map DYNAMIC 10
>  set transform-set EZVPN
>  reverse-route
>
> crypto map EZVPN 10 ipsec-isakmp dynamic DYNAMIC
>
> interface fa0/0.11
>  crypto map EZVPN
>
> router ospf 1
>  redistribute static subnets
>
>
> What could I be doing wrong
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
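
An added example, not part of the original thread: a small Python check for the Phase 1 point raised in the reply, flagging any `crypto isakmp policy` that resolves to DES or DH group 1. It assumes the classic IOS behaviour that a parameter left out of a policy falls back to DES / SHA / group 1; policy 20 in the sample is constructed for illustration and the function names are hypothetical.

```python
import re

# Assumption: classic IOS defaults for parameters a policy does not set.
IOS_DEFAULTS = {"encr": "des", "hash": "sha", "group": "1"}
POLICY = re.compile(r"crypto isakmp policy (\d+)$")
SUBCMD = re.compile(r"(encryption|encr|hash|group)\s+(\S.*)$")

def parse_isakmp_policies(config):
    """Return {priority: {"encr", "hash", "group"}} with defaults filled in."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = POLICY.match(line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(IOS_DEFAULTS))
            continue
        if current is None:
            continue
        m = SUBCMD.match(line)
        if m:
            key = "encr" if m.group(1).startswith("encr") else m.group(1)
            current[key] = m.group(2).strip()
        elif not line.startswith(("authentication", "lifetime")):
            current = None  # any other command ends the policy block
    return policies

def weak_phase1(config):
    """List (priority, reason) for policies that resolve to DES or group 1."""
    findings = []
    for prio, p in sorted(parse_isakmp_policies(config).items()):
        if p["encr"] == "des":
            findings.append((prio, "encryption is DES"))
        if p["group"] == "1":
            findings.append((prio, "DH group 1"))
    return findings

# Policy 10 is the one from the quoted config; policy 20 is constructed.
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 20
 authentication pre-share
crypto isakmp client configuration group EZVPN
 key CISCO
"""

if __name__ == "__main__":
    for prio, reason in weak_phase1(SAMPLE):
        print(f"policy {prio}: {reason}")
```
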
