c1841: Connection-id:Engine-id = 0:0(unknown)

We are trying to set up an IPsec VPN tunnel between two Cisco routers (Site-A 192.168.123.2 and Site-B 192.168.36.250). Until today I would have said that we're familiar with setting up VPNs and managing Cisco routers (for our purposes), but there is something new at Site-B with the c1841.

Both sides are configured for VPN in the old-fashioned way; they start the ISAKMP phase 1 negotiation but don't reach the QM_IDLE state.

The output of "sh crypto isakmp sa detail" shows at Site-A "Connection-id:Engine-id = 103:2(hardware)" but at Site-B "Connection-id:Engine-id = 0:0(unknown) (deleted)".

Shouldn't the connection-id:engine-id be assigned automatically? We disabled the AIM (no crypto engine accelerator) to see the software engine, but it stays unknown.

What are we missing?

Cisco 3745 at Site-A

--------------------

c3745-advipservicesk9-mz.123-11.T2.bin

Cisco 3745 (R7000) processor (revision 2.0) with 249856K/12288K bytes of memory.
Processor board ID JHY0853K26K
R7000 CPU at 350MHz, Implementation 39, Rev 3.3, 256KB L2, 2048KB L3 Cache

2 FastEthernet interfaces
1 Serial interface
14 terminal lines
1 Channelized E1/PRI port
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
151K bytes of NVRAM.
62720K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

Codes: C - IKE configuration mode, D - Dead Peer Detection
       K - Keepalives, N - NAT-traversal
       X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption

C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.

103 192.168.123.2 192.168.36.250 ACTIVE des sha psk 1 0
    Connection-id:Engine-id = 103:2(hardware)
16 192.168.123.2 192.168.28.2 ACTIVE des sha psk 1 06:29:28
    Connection-id:Engine-id = 16:2(hardware)

Cisco 1841 at Site-B

--------------------

c1841-advipservicesk9-mz.124-3b.bin

Cisco 1841 (revision 6.0) with 236544K/25600K bytes of memory.
Processor board ID FCZ100511X4

2 FastEthernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62592K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Codes: C - IKE configuration mode, D - Dead Peer Detection
       K - Keepalives, N - NAT-traversal
       X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption

C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.

0 192.168.36.250 192.168.123.2 ACTIVE 0 0
    Connection-id:Engine-id = 0:0(unknown) (deleted)

router#sh crypto engine configuration

crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Enabled
Location: aim 0
VPN Module in slot: 0
Product Name: AIM-VPN/BPII-PLUS
Software Serial #: 55AA
Device ID: 001E - revision 0000
Vendor ID: 13A3
Revision No: 0x001E0000
VSK revision: 0
Boot version: 255
DPU version: 0
HSP version: 2.3(22) (ALPHA)
Time running: 1w6d
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 1000
Maximum SA index: 1000
Maximum Flow index: 2000
Maximum RSA key size: 2048

crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
State: Disabled
Location: onboard 0
HW Version: 1.0
Compression: Yes
DES: Yes
3 DES: Yes
AES CBC: Yes (128,192,256)
AES CNTR: No
Maximum buffer length: 4096
Maximum DH index: 0150
Maximum SA index: 0150
Maximum Flow index: 0300
Maximum RSA key size: 0000

crypto lib version: 19.0.0

crypto engine in slot: 0
platform: VPN hardware accelerator

Crypto Adjacency Counts:
Lock Count: 0
Unlock Count: 0
crypto lib version: 19.0.0

Stefan