Hi all,
I am trying to establish a VPN between a PIX 506 ( 6.3(4) ) and a Nortel Contivity. I don't have access to the Contivity.
A "sh isakmp sa" shows that the state of the tunnel doesn't go further than MM_KEY_EXCH
and a "debug cry isakmp" gives
ISAKMP (0): beginning Main Mode exchange crypto_isakmp_process_block:src:id3124, dest:x.x.x.x spt:500 dpt:500 OAK_MM exchange ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): Checking ISAKMP transform 1 against priority 20 policy ISAKMP: encryption 3DES-CBC ISAKMP: hash SHA ISAKMP: default group 2 ISAKMP: auth pre-share ISAKMP: life type in seconds ISAKMP: life duration (basic) of 28000 ISAKMP (0): atts are acceptable. Next payload is 0 ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN return status is IKMP_NO_ERROR crypto_isakmp_process_block:src:id3124, dest:x.x.x.x spt:500 dpt:500 OAK_MM exchange ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): ID payload next-payload : 8 type : 2 protocol : 17 port : 500 length : 25 ISAKMP (0): Total payload length: 29 return status is IKMP_NO_ERROR crypto_isakmp_process_block:src:id3124, dest:x.x.x.x spt:500 dpt:500
and after a few seconds ISAKMP: error, msg not encrypted
What exactly can i conclude with this message. Does this means that the we don't use the same transform-set ? or something else ?
thanks