vpn pix to 3640 router

[mike6767]

I'm seting up a vpn pix to 3640 router that I just can't get the tunnel up
would someone look at this log and see if anything points to the problem.




Log Buffer (4096 bytes):

Nov 27 15:01:04.999: ISAKMP (0:2): purging node -568639019
Nov 27 15:01:04.999: ISAKMP (0:2): purging node 2105410201
Nov 27 15:01:14.999: ISAKMP (0:2): purging SA.
Nov 27 15:01:14.999: CryptoEngine0: delete connection 2
Nov 27 15:01:33.347: IPSEC(sa_request): ,
(key eng. msg.) src= 209.16.xx8.225, dest= 65.196.xx3.10,
src_proxy= 150.150.xx.0/255.255.192.0/0/0 (type=4),
dest_proxy= 65.196.xx.27/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xF4E1E960(4108446048), conn_id= 0, keysize= 0, flags= 0x4005
Nov 27 15:01:33.347: ISAKMP: received ke message (1/1)
Nov 27 15:01:33.351: ISAKMP (0:2): beginning Main Mode exchange
Nov 27 15:01:33.351: ISAKMP (0:2): sending packet to 65.196.xx.10 (I) MM_NO_STATE
Nov 27 15:01:33.383: ISAKMP (0:2): received packet from 65.196.13.10 (I) MM_NO_STATE
Nov 27 15:01:33.383: ISAKMP (0:2): Notify has no hash. Rejected.
1w1d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 65.196.xx.10

 

[moxonta]

Mike,
Have you verified your access-lists? They must be mirror images of each other. Keep in mind the pix uses a standard subnet mask for its acl and the router uses a wildcard mask.
TM

 

[routerman]

Can you post up the router and pix IPSec configurations, see if we can spot the problem.