The issue is in IPSec Phase 2.
*Mar 1 07:54:30.054: ISAKMP:(1074): phase 2 SA policy not acceptable! (local 136.1.123.3 remote 136.1.121.1) *Mar 1 07:54:30.054: ISAKMP: set new node -133501578 to QM_IDLE Possible reasons are transform set or Proxy IDs doesn't match. But with EzVPN, those are not relevant. The other reason would be ISAKMP profile. If the ISAKMP profile fails to match the identity, we could see this message. Are you using GNS? Is the ASA doing NAT? With regards Kings On Tue, Oct 11, 2011 at 1:17 PM, Hussain Arsalan Ali <[email protected]> wrote: > > I tried doing it again in office and I can see the HTTP page on client > machine . When I type in the pass it times out after sometime . I am > attaching a debug file on R3 ( Server ) . > > Can you tell me if the configuration done by me is correct ? I was thinking > if the* crypto ipsec client ezvpn IT outside *should be on the physical > interface ot the virtual-template interface I made on the CLient router . > > ------------------------------ > Date: Tue, 11 Oct 2011 11:41:36 +0530 > Subject: Re: [OSL | CCIE_Security] EzVPN and VTI > From: [email protected] > To: [email protected] > CC: [email protected] > > > What is the issue? Is the tunnel coming up? > > > With regards > Kings > > On Mon, Oct 10, 2011 at 11:28 PM, Hussain Arsalan Ali <[email protected]>wrote: > > I am configuring EzVPN using VTI . R1 is Client while R3 is Server . There > is ASA in between which has allow any any statement there . It is working > fine with Network Extension Mode ( without VTI ) but when I switched to VTI > i cant bring things up . There is no isakmp debug messages on router . > Attached is config . > > > > ALI > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
