Hi All,
I've just set up a VPN between a Vigor 2600 and a Cisco 1841 using IPSec with DES-SHA1 Auth.
I have this coming up in debug mode and wanted to know if this is normal for my kind of setup?
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Everything seems to work fine though, I can ping a PC on either LAN. Part of my config below...
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key burtonst1 address 78.xx.xxx.48
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set 3DES-SHA-compression esp-3des esp-sha-hmac comp-lzs
crypto ipsec transform-set AES-SHA-compression esp-aes esp-sha-hmac comp-lzs
crypto ipsec transform-set cm-transformset-1 esp-des esp-sha-hmac
crypto ipsec transform-set this_should_work esp-des esp-sha-hmac
!
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 78.xx.xxx.48
 set transform-set this_should_work
 match address Crypto-list
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 192.168.78.40 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 bundle-enable
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp reliable-link
 ppp authentication chap callin
 ppp chap hostname xxxxxxxxxxxxxxxxxxxxxx
 ppp chap password 0 xxxxxxxx
 ppp ipcp dns request
 ppp link reorders
 ppp multilink
 ppp multilink slippage mru 16
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink multiclass
 crypto map VPN-Map-1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
ip access-list extended Crypto-list
 permit ip 192.168.78.0 0.0.0.255 192.168.6.0 0.0.0.255
ip access-list extended Internet-inbound-ACL
 permit udp host 78.xx.xxx.48 any eq isakmp
 permit esp host 78.xx.xxx.48 any
!
access-list 100 deny ip 192.168.78.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 100 permit ip 192.168.78.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
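
Added example (not part of the original post): the selector check an IPsec receiver applies to a decrypted packet, written in Python against the Crypto-list entry from the config above. It assumes the debug line refers to inner addresses that fall outside the SA's negotiated proxy identities; the sample packets and all function names are constructed for illustration.

```python
import ipaddress

# Crypto ACL entry copied from the posted config (Crypto-list).
CRYPTO_ACL = ["permit ip 192.168.78.0 0.0.0.255 192.168.6.0 0.0.0.255"]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_entry(line):
    """Parse 'permit ip <net> <wildcard> <net> <wildcard>' into integer pairs."""
    tok = line.split()
    if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    return (_ip(tok[2]), _ip(tok[3])), (_ip(tok[4]), _ip(tok[5]))


def wildcard_match(addr, net, wildcard):
    # IOS wildcard mask: a 1 bit is "don't care", a 0 bit must match.
    return ((_ip(addr) ^ net) & ~wildcard & 0xFFFFFFFF) == 0


def inbound_identity_ok(inner_src, inner_dst, acl=CRYPTO_ACL):
    """True if a decrypted inbound packet fits the mirror of a crypto ACL entry."""
    for line in acl:
        (local_net, local_wc), (remote_net, remote_wc) = parse_entry(line)
        # Inbound is the mirror image: source is remote, destination is local.
        if (wildcard_match(inner_src, remote_net, remote_wc)
                and wildcard_match(inner_dst, local_net, local_wc)):
            return True
    return False


def failures(packets, acl=CRYPTO_ACL):
    """Return the (src, dst) pairs that would fail the identity check."""
    return [p for p in packets if not inbound_identity_ok(p[0], p[1], acl)]


# Constructed inner (src, dst) pairs, as seen after ESP decryption.
SAMPLE = [
    ("192.168.6.10", "192.168.78.40"),   # remote LAN host to local LAN host
    ("192.168.6.1", "192.168.78.255"),   # still inside both /24 selectors
    ("192.168.7.10", "192.168.78.40"),   # source outside the remote subnet
    ("192.168.6.10", "192.168.79.1"),    # destination outside the local subnet
]

if __name__ == "__main__":
    for src, dst in failures(SAMPLE):
        print(f"would fail SA identity check: {src} -> {dst}")
```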