Re: help,can't establish isakmp sa with a PIX

From: Jack Fenimore (jackfenimore@gmail.com)
Date: Sun Jun 22 2008 - 10:08:44 ART

Try switching your hash to md5. The Cisco VPN client doesn't support the
combination of DES and SHA.

Search this link for "SHA" for more info:

http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.cisco.com%2Funivercd%2Fcc%2Ftd%2Fdoc%2Fproduct%2Fvpn%2Fclient%2Frel4_0%2Fosxguide%2Fmanage.pdf&ei=v01eSNXpAYGSigH-47CYDA&usg=AFQjCNGi1_GaR083BOcrtUk9uLZJMFqh2g&sig2=h_kLThtlCj3Gq5XwQgKbMw

On Sun, Jun 22, 2008 at 3:07 AM, Jordan <zdh1207@gmail.com> wrote:

> Hi,groups,
> I am in trouble to use my Vista to connect to a PIX 515E version
> 7.2 by IPSec VPN. the PIX debug message shows as:
>
> Group = guestgroup, IP = xx.xx.xx.xx, Removing peer from peer table
> failed, no match!
> Jun 22 14:50:56 [IKEv1]: Group = guestgroup, IP = xx.xx.xx.xx, Error:
> Unable to remove PeerTblEntry
>
> How to solve this promble? the PIX's relative configuration is:
>
> ------------------------------------------------------------------------------------------
> crypto ipsec transform-set firstset esp-des esp-sha-hmac
> crypto dynamic-map dyn1 1 set transform-set firstset
> crypto dynamic-map dyn1 1 set reverse-route
> crypto map mymap 1 ipsec-isakmp dynamic dyn1
> crypto map mymap interface outside
> crypto isakmp enable outside
> crypto isakmp policy 1
> authentication pre-share
> encryption des
> hash sha
> group 2
> lifetime 43200
>
> tunnel-group guestgroup type ipsec-ra
> tunnel-group guestgroup general-attributes
> address-pool guest
> tunnel-group guestgroup ipsec-attributes
> pre-shared-key *
>
> --------------------------------------------------------------------------------
>
> thanks in advance.
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:22 ART