Pix501 - Concentrator

[Frank Delle <fdelle () finaplex com>]

Hello, 

I thought giving this group a try and see if there is (there must be..)
an expert on compatability with Pix501 and Concentrator 3005. I am
trying desperately not to pull my remaining hair out, so you folks are
my last hope :-) 

Setup: Concentrator 3005 (4.0.4) and Pix501 DES license only (6.3/PDM
3.0.1) 
Goal: setup a VPN (what else) 
Problem: Concentrator not accepting SA/IKE proposal 

The setup couldn't any simpler, but the concentrator complains "All
IPSec SA proposals found unacceptable!" and then next logn: "QM FSM
error (P2 struct &0x1e5c120, mess id 0xe9af52c5)!" 


Pix501 side: uses 2 standard transform sets (esp-des esp-md5/sha-hmac),
crypto map applied to outside interface. ACL's are checked. IKE: des
md5/sha, DH 1, key: pre-share 

Concentrator: Auth: ESP/MD5/HMAC-128 Encryp: DES-56. IKE Proposal:
pre-shared keys Auth Alg: MD5/HMAc-128, Enc Alg: DES-56, DH group: 1
(all matching the settings on the Pix. 

I must be missing something and any help is very much appreciated. 


Frank Delle - IT Manager
Finaplex (www.finaplex.com)
email: fdelle () finaplex com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards