Re: IPSec Problem !.

From: Rob Ehlers (ccieorbust@xxxxxxxxxxxxxxxxxxx)
Date: Sun Mar 26 2000 - 15:49:17 GMT-3


   

This Line...

 crypto map scramble 10 ipsec-manual

You want to use isakmp, and you've got the rest of the configuration in
there for it... so you need:

 crypto map scramble 10 ipsec-isakmp

Manual means that you bypass all the isakmp stuff and manually configure the
SAs or something like that...

I'm no expert, but I got it working with pretty much the same
configuration that you've got, except the ipsec-isakmp.

Rob

On Sun, 26 Mar 2000, Kevin Gannon wrote:

> This is driving me nuts I get the following error message when I have
> ipsec debugging when trying to ping across the link using an extended
> ping. Attached are the configs and a "show crypto key mypub rsa".
>
> The code is 120-7.XK1 on a pair of 3810's. I think that I am doing
> everything as per the doc's but I probably need more coffee.
>
> Regards,
> Kevin
>
> 01:54:22: IPSEC(sa_request): ,
> (key eng. msg.) src= 20.20.20.2, dest= 20.20.20.1,
> src_proxy= 1.1.1.1/255.255.255.255/0/0 (type=1),
> dest_proxy= 2.2.2.2/255.255.255.255/0/0 (type=1),
> protocol= ESP, transform= esp-des esp-sha-hmac ,
> lifedur= 3600s and 4608000kb,
> spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004
> 01:54:22: IPSEC(manual_key_stuffing): Can't get valide engine id 0
> .
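
A configuration check for the mismatch discussed in this message, as an added example that is not part of the original post or of either poster's configuration: it flags a crypto map entry declared ipsec-manual that carries no manually configured keys. The sample config, the transform-set name ts1, the second peer and the function names are constructed for illustration; it assumes manual entries define their keys with IOS "set session-key" sub-commands.

```python
import re

# Constructed sample (not the attached configs): ISAKMP is configured, but
# entry 10 is declared ipsec-manual and has no manual session keys.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication rsa-encr
crypto ipsec transform-set ts1 esp-des esp-sha-hmac
crypto map scramble 10 ipsec-manual
 set peer 20.20.20.1
 set transform-set ts1
 match address 101
crypto map scramble 20 ipsec-isakmp
 set peer 20.20.20.3
 set transform-set ts1
 match address 102
"""

MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (ipsec-manual|ipsec-isakmp)\s*$")

def parse_crypto_maps(config):
    """Return (isakmp_configured, entries); each entry keeps its sub-commands."""
    isakmp, entries, current = False, [], None
    for line in config.splitlines():
        if line.startswith("crypto isakmp "):
            isakmp = True
        m = MAP_RE.match(line)
        if m:
            current = {"name": m.group(1), "seq": int(m.group(2)),
                       "mode": m.group(3), "body": []}
            entries.append(current)
        elif current is not None and line.startswith(" "):
            current["body"].append(line.strip())   # indented sub-command
        else:
            current = None                          # left the crypto map block
    return isakmp, entries

def audit(config):
    """List ipsec-manual entries that have no manually configured keys."""
    isakmp, entries = parse_crypto_maps(config)
    findings = []
    for e in entries:
        has_keys = any(c.startswith("set session-key ") for c in e["body"])
        if e["mode"] == "ipsec-manual" and not has_keys:
            hint = ("; ISAKMP is configured, so ipsec-isakmp was probably intended"
                    if isakmp else "")
            findings.append(f"crypto map {e['name']} {e['seq']}: "
                            f"ipsec-manual but no 'set session-key'{hint}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```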



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:06 GMT-3