Firewall Wizards mailing list archives
RE: Pix501 - Concentrator
From: "Luc Billot (lbillot)" <lbillot () cisco com>
Date: Mon, 9 Feb 2004 15:48:48 -0000
Hello Frank, The default config of the VPN 3000 concentrator does not include DES proposal, In order to activate it using the GUI : Menu config, then @tunneling and security@, then @ipsec@, then @ike proposal@ Then shift the @ike-DES-MD5@ proposal from inactive to active. ON the PIX side using PDM, configure the PIX using the EZVPN wizard. If you want to have some examples please have a look to : http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Hardware:Cisco _VPN_3000_Concentrator&s=Software_Configuration#Software_Samples_and_Tip s Best Regards Luc BILLOT Message: 5 FMessage: 8 Date: Fri, 6 Feb 2004 14:43:29 -0800 From: =?us-ascii?Q?Frank_Delle?= <fdelle () finaplex com> To: <firewall-wizards () honor icsalabs com> Subject: [fw-wiz] Pix501 - Concentrator Hello,=20 I thought giving this group a try and see if there is (there must be..) an expert on compatability with Pix501 and Concentrator 3005. I am trying desperately not to pull my remaining hair out, so you folks are my last hope :-)=20 Setup: Concentrator 3005 (4.0.4) and Pix501 DES license only (6.3/PDM 3.0.1)=20 Goal: setup a VPN (what else)=20 Problem: Concentrator not accepting SA/IKE proposal=20 The setup couldn't any simpler, but the concentrator complains "All IPSec SA proposals found unacceptable!" and then next logn: "QM FSM error (P2 struct &0x1e5c120, mess id 0xe9af52c5)!"=20 Pix501 side: uses 2 standard transform sets (esp-des esp-md5/sha-hmac), crypto map applied to outside interface. ACL's are checked. IKE: des md5/sha, DH 1, key: pre-share=20 Concentrator: Auth: ESP/MD5/HMAC-128 Encryp: DES-56. IKE Proposal: pre-shared keys Auth Alg: MD5/HMAc-128, Enc Alg: DES-56, DH group: 1 (all matching the settings on the Pix.=20 I must be missing something and any help is very much appreciated.=20 Frank Delle - IT Manager Finaplex (www.finaplex.com) email: fdelle () finaplex com --__--__-- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards End of firewall-wizards Digest _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Pix501 - Concentrator Frank Delle (Feb 07)
- <Possible follow-ups>
- RE: Pix501 - Concentrator Melson, Paul (Feb 09)
- RE: Pix501 - Concentrator Frank Dellé (Feb 09)
- RE: Pix501 - Concentrator Luc Billot (lbillot) (Feb 09)