I'm trying to convert a crypto map VPN to a ip unnumbered VTI. The crypto map has been working for months. The VTI... no so much. Here are the applicable config entries.
### original config ! crypto isakmp policy 30 encr 3des authentication pre-share group 2 ! crypto isakmp key xxxxxxxx address 10.1.1.10 ! crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac ! crypto map CRYPTO 50 ipsec-isakmp set peer 10.1.1.10 set transform-set 3DES-SHA set pfs group2 match address VPN1 ! ip access-list extended VPN1 permit ip host 172.16.16.10 host 10.5.5.1 permit ip host 172.16.16.10 host 10.5.5.4
I only removed the crypto map and added the following.
### New Config crypto ipsec profile V1 set security-association lifetime seconds 28800 set transform-set 3DES-SHA set pfs group2 ! interface Tunnel0 ip unnumbered FastEthernet0/0 ip nat outside ip virtual-reassembly tunnel source 172.16.8.1 tunnel destination 10.1.1.10 tunnel mode ipsec ipv4 tunnel protection ipsec profile V1
I keep getting this ISAKMP error now.
ISAKMP:(0:54:HW:2):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE (peer 10.1.1.10)
Any help would be greatly appreciated. Also... I have no idea what is running on the other end (it's a partner network), but I suspect it's a crypto map on IOS.
Thank you!
MikeG