1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RV082 and Cisco 3620: how to make love?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Vitls, Oct 24, 2007.

  1. Vitls

    Vitls Guest

    Hello All, I'm trying to set up a IPSEC tunnel between RV082 and Cisco 3620.
    Cisco side config:

    Code:
    crypto isakmp policy 10 hash md5 authentication pre-share
    crypto isakmp key SKIBGATE address 213.59.127.215
    
    crypto map vpn 10 ipsec-isakmp
     set peer 213.59.127.215
     set transform-set skibtrans match address 101
    
    crypto ipsec transform-set skibtrans esp-des esp-md5-hmac
     mode transport
    
    interface Tunnel10
     description Tunnel to Linksys
     ip unnumbered Loopback0
     ip mtu 1440
     ip nat inside
     tunnel source FastEthernet0/1
     tunnel destination 213.59.127.215
    
    interface FastEthernet0/1
     ip address 217.13.218.37 255.255.255.252
     crypto map vpn access-list 101
    
    permit gre host 217.13.218.37 host 213.59.127.215
    

    Linsys side config:


    Mode Client-to-GAteway

    --- Local Group setup ---
    IP Only
    IP address 213.59.127.215
    Local Sec Group Type: IP
    IP address 213.59.127.215

    --- Remote Group setup ---
    Gateway Type: IP Only
    IP address 217.13.218.37
    Remote Sec Group Type: IP
    IP address 217.13.218.37

    --- IPSec setup ---
    IKE preshared
    Phase1 Group1
    Phase1 Enc DES
    Phase1 Auth MD5
    Phase1 Lifetime 28800
    PFS none
    Phase2 Enc DES
    Phase2 Auth MD5
    Phase2 lifetime 3600
    Preshared key SKIBGATE


    The connection death during Phase2.The Cisco log is below:


    Code:
    Oct 3 10:40:28 192.168.1.1 48487: 4d20h: IPSEC(validate_proposal_request): proposal part #1,
    Oct 3 10:40:28 192.168.1.1 48488: (key eng. msg.) INBOUND local= 217.13.218.37, remote= 213.59.127.215,
    Oct 3 10:40:28 192.168.1.1 48489: local_proxy= 217.13.218.37/255.255.255.255/0/0 (type=1),
    Oct 3 10:40:28 192.168.1.1 48490: remote_proxy= 213.59.127.215/255.255.255.255/0/0 (type=1),
    Oct 3 10:40:28 192.168.1.1 48491: protocol= ESP, transform= esp-des esp-md5-hmac ,
    Oct 3 10:40:28 192.168.1.1 48492: lifedur= 0s and 0kb,
    Oct 3 10:40:28 192.168.1.1 48493: spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x14
    Oct 3 10:40:28 192.168.1.1 48494: 4d20h: IPSEC(validate_transform_proposal): proxy identities not supported
    Oct 3 10:40:29 192.168.1.1 48495: 4d20h: ISAKMP (0:450): IPSec policy invalidated proposal
    Oct 3 10:40:29 192.168.1.1 48496: 4d20h: ISAKMP (0:450): phase 2 SA not acceptable!
    
    Questions:
    1. Does RV082 IPSec with GRE?
    2. How I need to setup cisco to make OSPF routing without GRE?

    Thank you.
     

Share This Page