OT: PIX-Contivity VPN

From: Le Dinh An (anld@ispco.com.vn)
Date: Wed Feb 19 2003 - 05:21:34 GMT-3


Hi group,

I'm working on a VPN between PIX and Nortel Contivity. Everything seems
to be fine to me, all the atts are acceptable and isakmp sa is
authenticated but there is an INVALID_ID_INFO error and the tunnel
cannot be created. I think this is a specific compatibility problem
between PIX and Nortel and I'm sure there's some VPN guru out there who
will show me how to solve this.

Below is the relevant config and debug output.

TIA,
An.

crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address 100
crypto map mymap 10 set peer 10.64.10.16
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 10.64.10.16 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

00:11:12: ISAKMP (0:2): received packet from 10.64.10.16 (I) MM_KEY_EXCH
00:11:12: ISAKMP (0:2): processing ID payload. message ID = 0
00:11:12: ISAKMP (0:2): processing HASH payload. message ID = 0
00:11:12: ISAKMP (0:2): processing NOTIFY INITIAL_CONTACT protocol 1
        spi 0, message ID = 0, sa = 820E4A78
00:11:12: ISAKMP (0:2): SA has been authenticated with 10.64.10.16
00:11:12: ISAKMP (0:2): beginning Quick Mode exchange, M-ID of 1747508411
00:11:12: ISAKMP (0:2): sending packet to 10.64.10.16 (I) QM_IDLE
00:11:12: ISAKMP (0:2): received packet from 10.64.10.16 (I) QM_IDLE
00:11:12: ISAKMP (0:2): processing HASH payload. message ID = 384019695
00:11:12: ISAKMP (0:2): processing NOTIFY INVALID_ID_INFO protocol 3
        spi 1151687046, message ID = 384019695, sa = 820E4A78
00:11:12: ISAKMP (0:2): deleting spi 1151687046 message ID = 1747508411
00:11:12: ISAKMP (0:2): deleting node 1747508411 error TRUE reason "delete_larval"
00:11:12: ISAKMP (0:2): deleting node 384019695 error FALSE reason "informational (in) state 1"

-- 
Le Dinh An
Network Consultant
Phone: 84 913 100 478


This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:27 GMT-3