Have been beating my head over something trivial that drove me absolutely mad. There's EzVPN server on the router. It was configured in classical crypto map mode and Dynamic VTI. There are two EzVPN clients - Cisco software IPSec client and a router configured as EzVPN remote. No matter what I did I ended up with "proposals not accepted" on phase 1 and "Processing of Aggressive mode failed with peer". I use real gear and the amount of my frustration made me open the TAC case. I couldn't believe my ears when the engineer said that my crypto isakmp policy was missing hash and encryption parameters when he saw only two lines:
crypto isakmp policy 10 authentication pre-share When I showed him the output of "show crypto isakmp policy" with a complete set of proposals he said that I still have to add different combinations of encryption and hash manually. Then I was surprised when the software IPSec client finally connected was still able to connect over and over again. So-o-o-o funny when the engineer said that I have to upgrade to the newer software which leaves me in doubt about version 12.4(15). Do it next time if you have something similar. Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
