Hey, crypto isakmp profile AGRESSIVE keyring default self-identity fqdn match identity host Router1 initiate mode aggressive
crypto isakmp profile AGRESSIVE keyring default self-identity fqdn match identity host Router2 initiate mode aggressive crypto isakmp key cisco hostname Router1 crypto isakmp key cisco hostname Router2 *Mar 1 00:43:51.071: ISAKMP:(0): processing KE payload. message ID = 0 *Mar 1 00:43:51.127: ISAKMP:(0): processing NONCE payload. message ID = 0 *Mar 1 00:43:51.127: ISAKMP:(0):Found HOST key in keyring Router2 *Mar 1 00:43:51.135: ISAKMP:(1008):Old State = IKE_I_AM1 New State = IKE_P1_COMPLETE Even thou it is being used with Hostnames, the Router needs to resolve the IP address of the peer in case you put any. You are failing on the Keyring, even if you define the key, if the router does not know how to resolve it, it will never find the key, thus AM is not going to start. You need to define Router1 and router 2 names on both Routers to correctly find the key. Cheers, Mike From: [email protected] Date: Thu, 26 Jul 2012 14:58:55 -0400 To: [email protected] CC: [email protected] Subject: Re: [OSL | CCIE_Security] Preshared Key with Hostnames Request profile crypto isakmp profile ISAKMP_PROFinitiate mode aggressivekeyring default I tried with/without Self-identity fqdn, same result. On Thu, Jul 26, 2012 at 2:03 PM, Gaurang Pandya <[email protected]> wrote: post your isakmp profile. Gaurang. From: GuardGrid <[email protected]> To: ccie_security <[email protected]> Sent: Thursday, July 26, 2012 10:46 PM Subject: [OSL | CCIE_Security] Preshared Key with Hostnames keep getting this error on the initiator even though a profile has been defined to initiate aggressive and there is a preshared key for the peer, *Jul 26 05:06:34.866: ISAKMP:(0):Can not start Aggressive mode, trying Main mode. *Jul 26 05:06:34.866: ISAKMP:(0): No Cert or pre-shared address key.*Jul 26 05:06:34.866: ISAKMP:(0): construct_initial_message: Can not start Main mode anything specific that is needed in this case to make it work correctly on the initiator? _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
