Nevermind, I think Yusuf had a typo... cuz the on the output from the group members appears the Loopback of another router and not router6 and the next question requires those guys that you configured on the previous question to be part of DMVPN.
Sorry for the spam. Mike From: [email protected] To: [email protected] Date: Fri, 13 Apr 2012 20:01:43 -0600 Subject: [OSL | CCIE_Security] Key Server as Group member Hi All, I have a question, I configured the KS as GM but it is not working, it gives me the following error: *Apr 13 20:07:54.903: ISAKMP:(0): Invalid phase 1 SA response! *Apr 13 20:07:54.903: ISAKMP:(0): phase 1 SA policy not acceptable! (local 192.168.6.6 remote 10.6.6.1) *Apr 13 20:07:54.903: ISAKMP (0:0): incrementing error counter on sa, attempt 1 of 3: construct_fail_ag_init *Apr 13 20:07:54.903: ISAKMP:(0): sending packet to 10.6.6.1 my_port 848 peer_port 848 (I) MM_NO_STATE *Apr 13 20:07:54.903: ISAKMP:(0):Sending an IKE IPv4 Packet. *Apr 13 20:07:54.903: ISAKMP:(0):peer does not do paranoid keepalives. I just added the following: crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key cisco address 0.0.0.0 0.0.0.0 crypto gdoi group dmvpn_gdoi identity number 2 server address ipv4 10.6.6.1 crypto map outside 10 gdoi set group dmvpn_gdoi crypto map outside and applied on the Interface, however I get the mentioned error, is there something special that need to be added? Mike _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
