Does the client side run dynamic routing?
If so add a static route for the peer ip and try
Sent from my iPhone
On Aug 4, 2012, at 21:57, Eugene Pefti <[email protected]> wrote:
Have been beating my head over something trivial that drove me absolutely mad.
There’s EzVPN server on the router. It was configured in classical crypto map
mode and Dynamic VTI.
There are two EzVPN clients – Cisco software IPSec client and a router
configured as EzVPN remote.
No matter what I did I ended up with “proposals not accepted” on phase 1 and
“Processing of Aggressive mode failed with peer”.
I use real gear and the amount of my frustration made me open the TAC case.
I couldn’t believe my ears when the engineer said that my crypto isakmp policy
was missing hash and encryption parameters when he saw only two lines:
crypto isakmp policy 10
authentication pre-share
When I showed him the output of “show crypto isakmp policy” with a complete set
of proposals he said that I still have to add different combinations of
encryption and hash manually.
Then I was surprised when the software IPSec client finally connected was still
able to connect over and over again.
So-o-o-o funny when the engineer said that I have to upgrade to the newer
software which leaves me in doubt about version 12.4(15).
Do it next time if you have something similar.
Eugene
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
