Hi Expert,
i have this problem,
i'm try to connect with contivity 1010 to Cisco Router(83.103.XX.YY with private ip 10.254.254.200/32)
but i have this error notification (see below)
**************************
LOG OF CONTIVITY 1010
**************************
22245 11/19/2009 17:52:54 (tIsakmp ) ERR SECURITY ISAKMP Code 94
Error notification (No proposal chosen) received from 83.103.XX.YY
22244 11/19/2009 17:52:54 (tIsakmp ) NOTICE SECURITY ISAKMP Code 185
ISAKMP SA established with 83.103.XX.YY
22243 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 32
Session: network IPSEC[10.254.254.200-255.255.255.255] logged in from gateway [83.103.XX.YY]
22242 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 29
Session: network IPSEC[10.254.254.200-255.255.255.255] attempting login
22241 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 94
Session: IPSEC[83.103.XX.YY]:105 authorized
22240 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 139
Session: IPSEC[83.103.XX.YY]:105 Applying group filter permit all
22239 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 133
Session: IPSEC[83.103.XX.YY]:105 Building group filter permit all
22238 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 73
Session: IPSEC[83.103.XX.YY]:105 bound to group /Base/RETE
22237 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 84
Session: IPSEC[83.103.XX.YY]:105 authenticated using LOCAL
22236 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 83
Session: IPSEC[83.103.XX.YY]:105 attempting authentication using LOCAL
22235 11/19/2009 17:52:54 (Security ) INFO SECURITY SESSIONCLS Code 80
Session: IPSEC[83.103.XX.YY]:105 SHARED-SECRET authenticate attempt...
**************************
i'm try to change in my office,
the contivity 1010 with another router cisco with this config :
*********CISCO ROUTER BRANCH OFFICE TEST******
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key PLUTO address 83.103.xx.yy no-xauth
!
!
crypto ipsec transform-set stronger esp-3des esp-sha-hmac
!
crypto map CryptoMap local-address FastEthernet0
crypto map CryptoMap 1 ipsec-isakmp
set peer 83.103.xx.yy
set transform-set stronger
match address 111
***********************************
and all works fine!
my problem is than i must use Contivity 1010 what is the error in config?
in web pannel in branch office/ipsec i have set this :
PresharedKey
Encryption:
- ESP - Triple DES with SHA1 Integrity: Enabled
- ESP - Triple DES with MD5 Integrity: Enabled
- ESP - NULL (Authentication Only) with SHA1 Integrity: Enabled
- AH - Authentication Only (HMAC-SHA1): Enabled
- AH - Authentication Only (HMAC-MD5): Enabled
IKE Encryption and Diffie-Hellman Group: Triple DES with Group 2 (1024-bit prime)
Vendor ID: Disabled
Aggressive Mode ISAKMP Initial Contact Payload: Enabled
Perfect Forward Secrecy: Disabled
Compression: Enabled
Rekey Timeout: 08:00:00
Rekey Data Count: (None)
ISAKMP Retransmission Interval: 16
ISAKMP Retransmission Max Attempts: 4
Keepalive interval: 00:01:00
Keepalive (On-Demand connections): DISABLED
Anti Replay: ENABLED
IPsec DFBit: CLEAR
i have read al documents about,
Contivity - Cisco PIX IPSec peer-to-peer branch office tunnel using preshared
key authentication
Thanks a lot for any Help!
Paolo S
