Helo
We change our isp and start bgp, so we change our ip address. Now we have problem with vpn, we can't connect.
This is log from client:
1 15:33:55.070 01/15/08 Sev=Warning/2 IKE/0xE3000099 Invalid SPI size (PayloadNotify:116)2 15:33:55.070 01/15/08 Sev=Warning/3 IKE/0xA3000058 Received malformed message or negotiation no longer active (message id:
0x00000000)and this is my conf:
version 12.4 aaa new-model ! aaa authentication login userauthen local aaa authentication login ADMIN local aaa authorization network groupauthor local ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp key qazxswedcvfr address 10.10.10.10 crypto isakmp keepalive 20 10 ! crypto isakmp client configuration group SKKVPN key 7_Wad_07 dns 192.168.1.1 wins 192.168.1.1 pool CLIENT_POOL2 ! ! crypto ipsec transform-set myset esp-3des esp-sha-hmac crypto ipsec transform-set 3des_sha esp-3des esp-sha-hmac
crypto dynamic-map dynmap 1 set transform-set myset ! ! crypto map CryptoMap_old_map 10 ipsec-isakmp description Quantum set peer 10.10.10.10 set transform-set 3des_sha set pfs group2 match address Acl_Ipsec_Quantum_Permit ! crypto map dynmap client authentication list userauthen crypto map dynmap isakmp authorization list groupauthor crypto map dynmap client configuration address respond crypto map dynmap 1 ipsec-isakmp dynamic dynmap ! ! crypto pki trustpoint TP-self-signed-3385040646 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3385040646 revocation-check none rsakeypair TP-self-signed-3385040646 ! crypto pki certificate chain TP-self-signed-3385040646 certificate self-signed 01 3082154 308201BD A0030201 02220101 300D0609 2A864886 F70D02301 ... ! ip local pool CLIENT_POOL2 192.168.10.1 192.168.10.254 !
when i delete all acl on input interface i have the same problem - nobody can't connect
thanks for help or some clue
Ted