[vpn-help] Please Help Test Possible Cisco Interoperability Improvements ...
Kang Sun
sun_kang at hotmail.com
Thu Dec 17 16:58:50 CST 2009
>> 09/12/17 15:20:35 !! : peer violates RFC, transform number mismatch ( 1 != 14 )
>> 09/12/17 15:20:48 !! : unable to locate inbound policy for init phase2
>>
>> Anyone please suggest me what to do to fix this problem?
>> I am running Cisco Easy VPN with Dynamic Virtual Template Interface.
>>
>
> Did you try adding a single include network of 0.0.0.0/0 under the
> policy tab in your site configuration?
>
> -Matthew
Yes, I did create an include network 0.0.0.0 / 0.0.0.0. It alone did not work. However, I made it work by doing the following:
Since the Easy VPN server has the following line:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
So I set on phase1
Cipher Algorithm to 3des
Hash Algorithm to sha1
and on Phase II
Transform Algorithm to esp-3des
This way I was able to get rid of the (1!=14) mismatch log, but it still had the error about the inbound policy.
I then checked what other options there were on phase II, so I turned on the compression/inflating and it worked!
It means it works with Windows XP client to Cisco Easy VPN Server.
I am going to test more on 64-bit platforms.
-- Kang